Security Vulnerabilities and Liabilities in Software

In discussions around grey areas relating to open source software, licensing concerns are usually the first item that comes up, but open source security vulnerabilities could be another cause for concern.  Aside from hurting a company’s business, damaging supplier reputation and costing time and money to fix, security vulnerabilities can raise liability concerns as well. 

Open source software forms the foundation of much of the software we use today. Access to freely available open source code allows developers to build software faster, lowering the cost of development and enabling software companies to stay ahead of the competition. But there are potential security, licensing, and quality challenges that can arise when using any third-party code, including open source.

Open Source Security Threats and Liability

For years a debate has raged over which software is more secure: open source or proprietary. Those on the open source side use the peer-review argument: due to the very nature of open source software, the code has the chance to be reviewed by the larger open source community as a whole. It may seem that the “many eyes” side of the security argument suffered a huge blow in April when the OpenSSL Heartbleed vulnerability was discovered. But you could also argue that the bug was discovered in part because the code could be viewed by anyone. Although some pundits deemed Heartbleed the end of open source, we can say with certainty that this will not be the case. With more than half a billion open source software files available in the public domain, the case against open source was convincingly crushed more than a decade ago.


© Copyright 2017 Synopsys, Inc. All Rights Reserved Worldwide
