Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where trouble can start. James Cusick, a researcher at Ritsumeikan University, recently set out to answer a question: how secure is the code we depend on? His study looked at both open-source and … More → The post The hidden risks inside open-source code appeared first on Help Net Security.

What’s with this hit piece on open source software? Imagine thinking a proprietary black box is more secure than something you can audit and fix. Plus the statistics presented here are clearly cherry picked to make it look worse.
The entire idea of FOSS being a “hidden” risk is absolute bullshit. There’s nothing in the world LESS hidden.
And “six potential issues in just 682 lines of code” is not “about one problem for every 27 lines”.
Also, no indication of how the code was selected or why they are credibly representative of FOSS and closed source software generally. I find it quite incredible.