« Podcast: Talking to... Bob Bickel of Ringside, open source social computing startup | Main | More research on why the open source market is disappearing »

Fortify Software has a good PR agency. Just as the open source software (OSS) community gathers for OSCON the week of July 21 and LinuxWorld on August 4, the security-software-and-services company has released a damning report on OSS security. It’s a slow news period so all the online (and I assume printed) publications lead with the news. The firestorm on the blogosphere is predictable. Every story and posting mentions Fortify. As I said, Fortify has a good PR agency.

It’s hard to argue against the methods that Fortify recommends open source communities adopt. Patrick Lightbody explained some similar solutions in his article here on ebizQ in September 2007. We will talk about them as well in our August 20, 2008 OSS Roundtable, with Jim Zemlin of the Linux Foundation, Ross Altman of Sun, and Dominic Sartorio of the Open Solutions Alliance.

But the survey paints OSS with an awful broad brush based on a few projects out of tens of thousands. Thinking of Jim, Ross and Dominic led me to ask myself (and Fortify—answer to follow if provided) why the projects tested were picked and why some of the more popular projects—embodied in the term, the LAMP stack—were not. The Fortify document says the reason is that the projects selected were implemented in Java and Java is the most popular enterprise-level development language.

So maybe this is really a study about Java security issues. But JavaOne happened in June. Like I said, Fortify has a good PR agency.

Posted by dennisb in OSS Development |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/3591

Posted by: Dennis at July 24, 2008 08:46 AM | Permalink