Palamida On security
Who is responsible for your supplier's vulnerabilities?
Software audits expose risks before they become issues.
The recent article by Sean Michael Kerner Why All Linux (Security) Bugs Aren't Shallow (posted February 20, 2015) on www.esecurityplanet.com highlights some of the recent vulnerabilities and security breaches in Open Source Software (OSS). As the article explains, many Open Source distributions simply lack the funding to undertake their own security management. The article also quotes Jim Zemlin, executive director of The Linux Foundation, who in reference to some recent high profile open source vulnerabilities said that while open source code is visible “in these cases the eyeballs weren't really looking.”
Palamida believes that avoiding security vulnerabilities should be a proactive process for every company. Getting software audited early can help companies to expose risks before they become issues. Every company should take responsibility for its software, rather than expecting suppliers to do the job for them. Failing to secure networked devices and software in general, raises the risk of legal liability for breach of contract or data protection laws. We are not in the business of giving legal advice, instead we help organizations understand their risk by providing confidential software audits. We also offer software products for managing open source and other third-party code use. Managing security risks is essential for maintaining customer trust and the competitiveness of your products.
Source cited: www.esecurityplanet.com/open-source-security/why-all-linux-security-bugs-arent-shallow.html