News on U.S. government agencies, U.S. politics, companies doing business with U.S. federal government. Read U.S. national and local news. This site is not affiliated with United States Government.
Home : U.S. Government News Search Engine                          
(EMAILWIRE.COM, February 19, 2009 ) London, UK - President Obama's Administration is being encouraged to embrace open source software, copying a similar UK government game plan. However, the Administration needs to insist that secure development processes are in place for open source projects, says Fortify Software, the software security assurance experts.
In a letter to President Obama, a group of 15 open source advocates are suggesting that the US government adopt open source applications in preference to commercial programs, a process they claim will save the government a lot of money.
Roger Thornton, Fortify’s CTO noted, “Governments and open source proponents need to understand that security is not a birthright. It does not come 'for free' because of the way you license your product. If security objectives are not clear and secure development methodologies are not in place, it’s a pretty safe bet that security problems will result –whether open source or commercial software.”
According to Thornton, the net result of the potential security flaws that can arise from open source means that the direct cost savings of using such programs as an alternative to commercial software can be significantly outweighed by the indirect costs.
By indirect costs, he means the cost of remediation and hardening the code concerned, as well as the potential costs of litigation that can result when things go badly awry and rogue code causes problems.
Thornton continued, “We have experience with hundreds of development organizations establishing, and in many cases, defining, engineering processes that assure application security. These organizations have put in place security controls for open source because of poor security practices.”
"Our manual and automated review of Hipergate highlight what a lack of security process means. Hipergate lacks a security expert and doesn’t even have a security email alias. Hipergate has about 16 vulnerabilities per 1000 lines of code—which is outrageously high. Hipergate should not be used by anyone," he said.
"Because of this, we urge President Obama's Administration to thoroughly research the possibilities offered by open source, but also consider the ramifications of using this technology," he added.
We are pleased to offer you this exciting, new, and entirely free professional resource. Visit our Free Industry resource center today to browse our selection of 600+ complimentary Industry magazines, white papers, webinars, podcasts, and more. Get popular titles including: