Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Code testing advice for users of open source code

Fortify : 24 December, 2009  (Technical Article)
With the major release of open source cloud computing security applications from Sun Microsystems, Fortify is warning users of any open source code to do extensive code testing to uncover vulnerabilities before use
Following Sun Microsystems' decision to release a raft of open source applications to support its secure Cloud Computing strategy, Fortify Software is recommending companies conduct extensive security tests of their customised open source software before deployment.

'Given the significant savings to be had from using open source applications, Sun's strategy is a security testing at all stages in the customisation process,' said Richard Kirk, European Director with the application vulnerability specialist.

'It's also good to see Sun announcing its support for the new security guidance from the Cloud Security Alliance, since this means that its open source apps will support the best practice guidelines, which is essential when supporting a private cloud infrastructure,' he added.

According to Kirk, whilst the use of encryption and VPNs to extend a secure bridge between a company IT resource and a private cloud facility is very positive - especially now that Amazon is best testing its pay-as-you-go private cloud facility - it's important that the underlying application code is also secure.

Security in any IT resource, he explained, is only as strong as the weakest link, so it's just as important to secure the source code of the software being used as it is to defend the cloud environment, as well as other aspects of a company's IT systems.

'Sun's strategy in opting for open source cloud security tools - including OpenSolaris VPC Gateway, Immutable Service Containers, Security Enhanced Virtual Machine Images and a Cloud Safety Box - is excellent news on the private cloud security front,' he said.

'Even so, if businesses go down this route, it's critically important that they invest some of the costs saved by taking the open source path, in security at the program code development and customisation stages. This will help them to create an even more robust solution,' he added.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo