Oh yeah, that's a valid study.
| Author | Content |
|---|---|
| techiem2, Jul 21, 2008 8:21 AM EDT | Quoting: "The survey, which was undertaken by application security consultant Larry Suto, looked at a total of just 11 of the most common Java open source packages." |
| Sander_Marechal, Jul 21, 2008 8:34 AM EDT | What ticked me off was: Quoting: "It argues that little has been done within the OSS community to implement what it calls 'enterprise-worthy application security measures'." When I see "enterprise-worthy" I think http://www.thedailywtf.com and see an image of a self-proclaimed "IT expert" in a suit. It makes me cringe all over. |
| tuxchick, Jul 21, 2008 8:39 AM EDT | This article needs 'humor' tags. Especially the last line; that makes it an opinion piece, not a news article. |
| phsolide, Jul 21, 2008 9:10 AM EDT | Two things come to mind. (1) An old African saying: "Pay a witch hunter, and by gosh they will find you a witch!" (2) Something I saw in an image of a PowerPoint presentation on boingboing.net: "Scaling Extensible Whatever with Blah Blah Blah Across the Enterprise." "Enterprise", when used as an adjective, means almost nothing. "Enterprise" "apps" are almost universally poorly designed and execrably coded (as Visual Basic, even when they're nominally in Java), with predictably mediocre results. |
| number6x, Jul 21, 2008 9:13 AM EDT | Do you mean tags like these? <humor> Is open source software bad for business? Yes it is, but proprietary software is much, much worse. </humor> |
| Bob_Robertson, Jul 21, 2008 10:00 AM EDT | 6, that's not funny. |
| number6x, Jul 21, 2008 10:38 AM EDT | Bob_R, I was kind of playing off of the 'Enterprisey' theme of this thread. I've worked for very large clients as a contract programmer for over 12 years, and have recently become an employee at one. Even the smallest tasks are made maddeningly huge when built in the normal SDLC (Software Development Life Cycle) of a large corporation. There is no way to do a small project. At least not following the rules. There is almost nothing enterprising about enterprise. The best you can hope for is the least worst. |
| grosspatzer, Jul 21, 2008 10:43 AM EDT | This one caught my attention because $employer is currently implementing Fortify to scan internal app code. I'll bet some really smart corporate IT types might notice that the documentation in this "study" was produced by scanning source code using Fortify's scanning tools. Which can be had, for a small fee. Such an executive, if she's really, *really* smart, might get the idea that it would be a good idea to scan the source code of any application her enterprise planned to deploy. Proprietary apps don't normally provide the source code, but I guess one could rely on a vendor's assurance that "best security practices" are being followed. Sure. I wonder if Fortify has a certification program in which, again for a small fee, an application can be certified as having passed their rigorous certification process. "Certified by Fortify". |
| Bob_Robertson, Jul 21, 2008 11:13 AM EDT | Sorry, 6, I forgot the {sarcasm} tags. |