Open-Source Apps Earn Software Security Seal Of Approval - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Mobile & Wireless
11:38 AM

Open-Source Apps Earn Software Security Seal Of Approval

Two prominent open-source projects recently got a thumbs-up from Veracode, a company that applies a standards-based approach to software vulnerability testing.

Two prominent open-source projects recently got a thumbs-up from Veracode, a company that applies a standards-based approach to software vulnerability testing.The two open-source apps, OpenVPN and the Sendmail Mail Transfer Agent, are both extremely popular among business users. According to a Veracode press release, its "A" rating indicates that a software developer has "developed a secure application that has been independently evaluated for software vulnerabilities against industry standards."

Security is a major concern for both projects. OpenVPN is a widely used tool for creating point-to-point encrypted network connections, and Sendmail MTA is the single most widely used application of its type -- open-source or proprietary -- in use today.

Third-party software vulnerability testing is a growth market, and Veracode is one of the companies at the forefront of this industry. The company tests both open-source and proprietary applications using several independent software-security standards.

The idea is to provide an impartial, objective source of software security assessments. Veracode is a for-profit company that charges software developers for its assessments; the idea is that companies whose products receive a high security rating will be able to market themselves more effectively to customers.

Since Veracode's tests are applied to compiled code, proprietary software vendors are able to submit their products for testing without being forced to reveal their source code to an outside organization. (Of course, this isn't a problem for open-source software such as OpenVPN and Sendmail.)

This approach offers some obvious benefits. First and foremost, it assures software users that a product has been tested extensively against a consistent set of standard software-security criteria. That doesn't guarantee that an application is completely free of potential security flaws, but it certainly offers an additional measure of assurance.

On the other hand, it is possible to argue that a for-profit company like Veracode might face pressure to adjust its results to satisfy its paying customers -- that is, the companies that submit their software for testing. It's an obvious concern, although Veracode's implementation of industry-standard software security benchmarks provides an obvious way to avoid the problem.

Software vulnerability testing isn't a totally effective way to detect potential security flaws. It is, however, an important new addition to the software security arsenal. And for business users, these types of third-party testing and rating schemes are definitely worth considering as part of any software evaluation process.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Can Low Code Measure Up to Tomorrow's Programming Demands?
Joao-Pierre S. Ruth, Senior Writer,  11/16/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll