Free Software security vulnerabilities: Heartbleed and other case studies?

Hugo Roy hugo at fsfe.org
Sat Aug 19 17:23:17 UTC 2017


Thanks Vitaly! It's true that many license compliance tools are now
taking security into account, which is an interesting development.

Also on topic:
https://www.esmt.org/sites/default/files/dsi_ipr5_engl-dt.pdf

Best,
Hugo

↪ Vitaly Repin / August 14, 2017 12:11:
> Hello,
> 
> I think I have to add my 5 cents. There are commercial (ironically
> proprietary) products on the market which analyze the software and build a
> list of open source dependencies.
> 
> Then, based on this list of open source dependencies, they build a list of
> vulnerabilities which might be present in the analyzed software.
> 
> Example of such tool:
> https://www.blackducksoftware.com/solutions/application-security  (Check
> "Manage Open Source vulnerabilities")
> 
> 2017-07-26 23:51 GMT+03:00 Hugo Roy <hugo at fsfe.org>:
> 
>> Thank you Bastien, this is interesting and helpful.
>>
>> Does anyone have interesting articles about recent vulnerabilities
>> discovered in free software?
>>
>> Best,
>> Hugo
>>
>> ↪ Bastien Guerry / July 26, 2017 15:50:
>>
>>> Hi Hugo,
>>>
>>> Hugo Roy <hugo at fsfe.org> writes:
>>>
>>>> Any case studies on how the world managed to react quickly and update
>>>> systems in response to Heartbleed for instance?
>>>>
>>>
>>> I remember blackduck had some reports comparing FLOSS/non-FLOSS with
>>> respect to their security, I found this, but I’m sure there are more
>>> detailed documents:
>>>
>>> https://info.blackducksoftware.com/rs/872-OLS-526/images/OSSAReportFINAL.pdf
>>>
>>> Also, a bit older, but with more data:
>>> http://go.coverity.com/rs/157-LQW-289/images/2014-Coverity-Scan-Report.pdf
>>>
>>> I’m not a specialist at all, and all these sources must be read with
>>> a grain of salt, because authors are often not neutral.
>>>
>>> HTH,
>>>
>>> --
>>>  Bastien
>>>
>>>
>> _______________________________________________
>> Discussion mailing list
>> Discussion at lists.fsfe.org
>> https://lists.fsfe.org/mailman/listinfo/discussion
>>
>>
> 
> 
> -- 
> WBR & WBW, Vitaly
> 
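The dependency-to-vulnerability matching that Vitaly describes above (build a list of open source dependencies, then look each one up against a vulnerability database) is the core of what software composition analysis tools do. The following is an added example, not part of the thread and not code from Black Duck or any other product named in it. It assumes a pinned `name==version` manifest and an advisory list with "introduced" and "fixed" version bounds; every package name, version and advisory identifier in it is constructed, and the `ADV-000x` ids are placeholders rather than real CVE numbers.

```python
"""Toy software-composition-analysis matcher (added illustration).

Reads a pinned dependency manifest, compares each pinned version against a
small constructed advisory database, and reports the matches. Nothing here is
taken from a real product or a real vulnerability feed.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Advisory:
    advisory_id: str   # constructed placeholder id, not a real CVE
    package: str       # normalised (lower-case) package name
    introduced: str    # first affected version, inclusive
    fixed: str         # first fixed version, exclusive; "" means no fix yet
    summary: str


# Accept "12" or "1f"-style components only; distro suffixes such as
# "1.0.1e-2+deb7u7" are rejected rather than silently mis-parsed.
_COMPONENT = re.compile(r"^(\d+)([a-z]?)$")


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.0.1f'-style strings into comparable integer tuples.

    Each dotted component becomes (number, letter-ordinal), so 1.0.1f < 1.0.1g
    < 1.0.2. Tuples are zero-padded to a fixed length so 1.0 == 1.0.0.
    """
    parts: List[int] = []
    for comp in v.split("."):
        m = _COMPONENT.match(comp)
        if not m:
            raise ValueError(f"unsupported version syntax: {v!r}")
        num, suffix = m.groups()
        parts.append(int(num))
        parts.append(ord(suffix) - ord("a") + 1 if suffix else 0)
    while len(parts) < 8:          # pad to four dotted components
        parts.append(0)
    return tuple(parts)


def is_affected(version: str, adv: Advisory) -> bool:
    """True if `version` lies in [introduced, fixed) for this advisory."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed and v >= parse_version(adv.fixed):
        return False
    return True


def parse_manifest(text: str) -> List[Tuple[str, str]]:
    """Parse 'name==version' lines; comments and blank lines are skipped.

    Unpinned entries are an error: without an exact version there is nothing
    to match an advisory range against.
    """
    deps: List[Tuple[str, str]] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency: {line!r}")
        deps.append((name.strip().lower(), version.strip()))
    return deps


def match_advisories(deps: List[Tuple[str, str]],
                     advisories: List[Advisory]) -> List[Tuple[str, str, str]]:
    """Return (package, version, advisory_id) for every affected dependency."""
    hits = []
    for name, version in deps:
        for adv in advisories:
            if adv.package == name and is_affected(version, adv):
                hits.append((name, version, adv.advisory_id))
    return hits


# Constructed sample input: three pinned dependencies.
MANIFEST = """\
# constructed sample manifest, not a real project
tlslib==1.0.1f
imageparse==2.3.0
jsonutil==0.9.2
"""

# Constructed advisory database: ids, names and ranges are all made up.
ADVISORIES = [
    Advisory("ADV-0001", "tlslib", "1.0.1", "1.0.1g", "buffer over-read in record handling"),
    Advisory("ADV-0002", "imageparse", "2.0.0", "2.4.0", "crash on malformed header"),
    Advisory("ADV-0003", "jsonutil", "0.5.0", "0.9.0", "recursion limit bypass"),
]


def scan(manifest_text: str = MANIFEST,
         advisories: List[Advisory] = ADVISORIES) -> List[Tuple[str, str, str]]:
    """Full pipeline: manifest -> dependency list -> advisory matches."""
    return match_advisories(parse_manifest(manifest_text), advisories)


if __name__ == "__main__":
    for pkg, ver, adv_id in scan():
        print(f"{pkg}=={ver}: affected by {adv_id}")
```

Two caveats worth keeping in mind when reading reports from real tools of this kind: a version-range match says only that the shipped version falls inside an advisory's range, not that the vulnerable code path is reachable in the analysed program, so matches are candidates to triage rather than confirmed findings; and distributions that backport fixes without bumping the upstream version (the `1.0.1e-2+deb7u7` style the parser above deliberately rejects) will produce false positives unless the tool understands the distribution's own advisory data.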