Open source software is the norm these days rather than the exception. The code is being written in high volumes and turning up in critical applications. While having this code available can offer big benefits, users also must be wary of issues the code can present and implement proper vetting.
Josh Bressers, cybersecurity strategist at Red Hat, emphasized this point during a recent talk with InfoWorld Editor at Large Paul Krill.
InfoWorld: Why is Red Hat getting on the soapbox about open source security?
Bressers: We've been on this soapbox for a long time. Fundamentally, there's a supply chain with software. In the past, you've not really thought of software using the supply chain concept. [In the past, it was thought of as] some dude writes software, and that's how it is. We're realizing now that there are vendors, and vendors provide you with a thing that goes into your product and obviously it's designed in a way that with a supply chain if you use low-quality parts, by definition, you're only going to get a low-quality product out the other side.
To read this article in full or to leave a comment, please click here