InstantForum.NET v4.1.4Micro Mart Forumhttp://forum.micromart.co.uk/forums@micromart.co.ukTue, 02 Dec 2008 04:24:13 GMT20http://forum.micromart.co.uk/Topic300079-22-1.aspxThe word for word quote from the Fortify web site smacks of an attempt by them to throw enough mud so that some will stick, but interestingly my Ubuntu FF3 was reluctant to disengage from their web-site, as if from a 'honey pot', so there could have been a lot of third party cookie rejection going on. :crazy:Wed, 23 Jul 2008 21:11:35 GMTBruce Rhttp://forum.micromart.co.uk/Topic300079-22-1.aspxThe flood of FUD. Who will be our Noah?Wed, 23 Jul 2008 19:24:59 GMTAttercophttp://forum.micromart.co.uk/Topic300079-22-1.aspxStill more crapola.....?<br><br>ZzzzzzzzzWed, 23 Jul 2008 19:23:33 GMTgn2http://forum.micromart.co.uk/Topic300079-22-1.aspx[quote]Listen up Open Sourcers: You're slackers! That's the latest word from Fortify Software, the result of [url=http://www.linuxinsider.com/rsstory/63875.html]a study by the security-software vendor into the security of Open Source Software[/url], an undertaking aimed at "informing" enterprise users of the "risks" associated with the Wild West of non-proprietary software.<br><br>The study, which presumably represents a startling advancement in scientific research, studied eleven Java-based Open Source offerings without commercial support and managed to extrapolate those results into a resounding condemnation of the entire community. [url=http://www.fortify.com/news-events/releases/2008/2008-07-21.jsp]According to Fortify[/url] "the most widely-used open source software packages for the enterprise are exposing users to significant and unnecessary business risk" and that "nearly all OSS communities fail to provide users access to security expertise to help remediate these vulnerabilities and security risks." Really? The most widely used Open Source packages are all Java-based and lack commercial support? The eleven projects you studied represent nearly all Open Source communities? And why, exactly, are the names of these projects noticeably absent from what is otherwise a press release just brimming with information?<br><br>Of course, Fortify doesn't want us to take it personally, telling Linux Insider they hope for a positive response. Still, there are "no real concerns about a negative reaction to the study findings." Hardly surprising. One has to wonder what kind of concerns they have about [url=http://www.linuxjournal.com/content/merchandising-mysql-scalping-skype-and-fuzz-facebook]certain high-profile proprietary software packages[/url] with documented history of [url=http://www.linuxjournal.com/content/google-wants-fly-netflix-grounded-and-mr-mozilla-hopping-mad]sweeping security breaches under the rug[/url], and if they're aware that while those "secure" producers are [url=http://www.linuxjournal.com/content/internet-down-so-microsoft-not-fox]busy practicing the maxim "Deny, Deny, Deny,[/url]" the Open Source community is [url=http://www.linuxjournal.com/node/1005781]busy patching the holes[/url].<br><br>Anyone who would like to read the report and learn just which projects compose the entirety of the Open Source community these days can [url=http://www.fortify.com/l/oss/oss_report.html]register at Fortify's website[/url] to receive a copy of the report. Of course, [url=http://uptime.netcraft.com/up/graph?site=http%3A%2F%2Fwww.fortify.com]it's on a Linux/Apache stack[/url], so no guarantees about the security...[/quote]<br>[url=http://www.linuxjournal.com/content/fortify-your-day-fud]Full article here.[/url]Wed, 23 Jul 2008 18:56:02 GMTAttercop