Gossamer Forum

Open Source = Security?

Open Source = Security?
I just wanted an opinion from you all.

At what point does open source become a security risk?



Thanks!
Re: [Teambldr] Open Source = Security? In reply to
>>At what point does open source become a security risk?<<

When your code becomes insecure :)
Re: [Paul] Open Source = Security? In reply to
So Paul, are you saying that the level of security is in direct relation to the level of your code?
Re: [Teambldr] Open Source = Security? In reply to
Well obviously if your code is insecure then making it open source is a security risk.

>>are you saying that the level of security is in direct relation to the level of your code?<<

To a degree, but it then depends what your code is for and what it relies on... for example, if your code is a Perl script using several modules by other authors... if your code is good you still have to rely on the code of the external modules being good too.

Last edited by: Paul: Jun 29, 2002, 9:23 AM
Re: [Paul] Open Source = Security? In reply to
So it is the weakest link that dictates the level of security and if using shared resources the issue gets exacerbated.

Do you and other developers scrutinize the security of shared resources prior to use in your own developments?
Re: [Teambldr] Open Source = Security? In reply to
In terms of "shared resources", there is always a risk of someone inserting insecure code or deleting secure code (as Paul pointed out).

One method of alleviating these types of problems is to use source control software and ensure that developers insert comments and give a complete history of the changes they've made. The nice thing about source control software, like Visual SourceSafe, is that you can restore earlier versions of files in case one gets totally hosed.

Of course, this is only in the context of "shared resources"; using source control systems for open source scripts and apps is not realistic.
========================================
Buh Bye!

Cheers,
Me
Re: [Teambldr] Open Source = Security? In reply to
Keep in mind that the code from open source products is viewed by thousands of people, and security holes are generally discovered and fixed fairly quickly. Unless you are using a really unusual module, chances are that it is very secure.

It is definitely the weakest link that dictates the level of security. Hackers specialise in finding a system's weakest link, and utilising it to access the system.
Cheers,
Michael Bray