Free Software security vulnerabilities: Heartbleed and other case studies?

Vitaly Repin vitaly_repin at fsfe.org
Mon Aug 14 10:11:57 UTC 2017


Hello,

I think I have to add my 5 cents. There are commercial (ironically
proprietary) products on the market which analyze the software and build a
list of open source dependencies.

Then, based on this list of open source dependencies, they build a list of
vulnerabilities which might be present in the analyzed software.

Example of such tool:
https://www.blackducksoftware.com/solutions/application-security  (Check
"Manage Open Source vulnerabilities")

2017-07-26 23:51 GMT+03:00 Hugo Roy <hugo at fsfe.org>:

> Thank you Bastien, this is interesting and helpful.
>
> Does anyone have interesting articles about recent vulnerabilities
> discovered in free software?
>
> Best,
> Hugo
>
> ↪ Bastien Guerry / juillet 26, 2017 15:50:
>
>> Hi Hugo,
>>
>> Hugo Roy <hugo at fsfe.org> writes:
>>
>>> Any case studies on how the world managed to react quickly and update
>>> systems in response to Heartbleed for instance?
>>
>>
>> I remember blackduck had some reports comparing FLOSS/non-FLOSS with
>> respect to their security, I found this, but I’m sure there are more
>> detailed documents:
>>
>> https://info.blackducksoftware.com/rs/872-OLS-526/images/OSSAReportFINAL.pdf
>>
>> Also, a bit older, but with more data:
>> http://go.coverity.com/rs/157-LQW-289/images/2014-Coverity-Scan-Report.pdf
>>
>> I’m not a specialist at all, and all these sources must be read with
>> a grain of salt, because authors are often not neutral.
>>
>> HTH,
>>
>> --
>>  Bastien
>>
>>
> _______________________________________________
> Discussion mailing list
> Discussion at lists.fsfe.org
> https://lists.fsfe.org/mailman/listinfo/discussion
>
>


-- 
WBR & WBW, Vitaly
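The two-step process Vitaly describes (build the list of open source dependencies, then look each one up against an advisory feed with affected-version ranges) is the core of every software composition analysis tool. The following is an added illustration, not code from the thread, from Black Duck, or from any other product; the manifest, the package names and the "EX-" advisory identifiers are all constructed for the example and correspond to no real software or vulnerability.

```python
"""Minimal software-composition-analysis (SCA) matcher (illustrative).

Step 1: parse a pinned dependency list of the kind a build produces.
Step 2: compare each pinned version against an advisory feed whose
entries carry an affected range "introduced (inclusive) .. fixed
(exclusive)", the convention most advisory feeds use.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Constructed sample input: a requirements-style manifest with pinned versions.
# Package names and versions are invented for this example.
SAMPLE_MANIFEST = """\
# build pins, generated by the release job
libfoo==1.4.2
barparse==0.9.0
bazcrypto==2.0.1
quxlog==3.1.0
"""

# Constructed advisory feed. The "EX-" prefix is made up so these identifiers
# cannot be mistaken for real CVE numbers. fixed=None means no fix released.
SAMPLE_ADVISORIES = [
    {"id": "EX-2017-0001", "package": "libfoo", "introduced": "1.2.0", "fixed": "1.4.3"},
    {"id": "EX-2017-0002", "package": "libfoo", "introduced": "0.1.0", "fixed": "1.0.0"},
    {"id": "EX-2017-0003", "package": "barparse", "introduced": "0.5.0", "fixed": None},
    {"id": "EX-2017-0004", "package": "bazcrypto", "introduced": "2.0.1", "fixed": "2.0.2"},
    {"id": "EX-2017-0005", "package": "quxlog", "introduced": "3.1.1", "fixed": "3.2.0"},
]


def parse_version(text: str) -> Version:
    """Turn a dotted numeric version into a comparable tuple.

    Trailing zero components are dropped so that "1.4" and "1.4.0"
    compare equal; tuple ordering then gives the usual version order.
    """
    parts = tuple(int(p) for p in text.strip().split("."))
    while len(parts) > 1 and parts[-1] == 0:
        parts = parts[:-1]
    return parts


def parse_manifest(text: str) -> Tuple[Dict[str, Version], List[str]]:
    """Step 1: extract name -> version for every '==' pin.

    Lines that are not exact pins are returned separately: without a
    concrete version there is nothing to compare against a range.
    """
    pinned: Dict[str, Version] = {}
    unpinned: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.\-]+)==([0-9][0-9.]*)", line)
        if match:
            pinned[match.group(1).lower()] = parse_version(match.group(2))
        else:
            unpinned.append(line)
    return pinned, unpinned


def is_affected(version: Version, introduced: str, fixed: Optional[str]) -> bool:
    """True if introduced <= version < fixed (or version >= introduced and no fix)."""
    if version < parse_version(introduced):
        return False
    if fixed is not None and version >= parse_version(fixed):
        return False
    return True


def find_vulnerabilities(pinned: Dict[str, Version], advisories) -> List[Tuple[str, str]]:
    """Step 2: return sorted (package, advisory id) pairs whose range covers the pin."""
    findings = []
    for adv in advisories:
        version = pinned.get(adv["package"].lower())
        if version is None:
            continue  # dependency not present in this build
        if is_affected(version, adv["introduced"], adv["fixed"]):
            findings.append((adv["package"], adv["id"]))
    return sorted(findings)


if __name__ == "__main__":
    pins, unresolved = parse_manifest(SAMPLE_MANIFEST)
    for package, advisory in find_vulnerabilities(pins, SAMPLE_ADVISORIES):
        print(f"{package}=={'.'.join(map(str, pins[package]))}: {advisory}")
    for line in unresolved:
        print(f"cannot evaluate unpinned requirement: {line}")
```

The boundary cases are where such tools earn their keep: bazcrypto 2.0.1 is flagged because the introduced bound is inclusive, quxlog 3.1.0 is not because it predates the introduced version, and libfoo 1.4.2 matches only one of its two advisories. Two caveats a practitioner should keep in mind that this toy does not cover: real products fingerprint binaries and vendored copies rather than trusting a manifest, and distribution packages often backport fixes without changing the upstream version string, so matching on the upstream version alone overstates exposure (a well-known source of false positives in exactly the Heartbleed-style response Hugo asks about).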