Open Source Security Study: Fortify Got it Wrong

Several bloggers have already reported on the Open Source Security Study released by Fortify’s Security Research Group (and Larry Suto), but we are yet to see anyone take an in-depth look at the study itself. This is our attempt to take a closer look at the study titled “How Are Open Source Development Communities Embracing Security Best Practices?”. The study, which was released as an 11-page report, is free to download from the company’s website.

We’ll analyze some of the statements and conclusions made in the report, and also look at a couple of the “Open Source Development Communities” that the study surveyed.

What led Fortify to embark on this study? According to Fortify, the study was inspired by:

  • An April 2008 survey by showed that more than half of the respondents (53 percent) are using open source applications in their organization today, and an additional 10 percent plan to do so in the next year. For nearly half (44 percent), open source applications are considered equal to closed-source solutions during the acquisition process.
  • The European Commission’s Competition Commissioner, Neelie Kroes, recently stated that open standards, and open source, are preferable to traditional closed source software.

So, favorable comments from two influential people about Open Source solutions inspired Fortify to undertake this study of 11 open source communities which were chosen because:

they are implemented in Java (the most common programming language for enterprise development), represent a wide range of application functionality, and are used extensively to build and deploy enterprise applications.

And the chosen (open source) applications are:

Read the rest of the article here.
