Ounce in the News
Open Source Security: Five Best Practices
9/10/2007, SearchSMB
Summary
For small and medium-sized businesses (SMBs), open source software is a good choice, both for its cost and for its perceived security advantage over commercial off-the-shelf software packages. But, like its commercial counterpart, open source software still needs to be hardened, patched and locked down before it is deployed. The five best practices for SMBs to ensure open source application security are:
- Complete a software inventory to establish a measure of control over what is installed in-house.
- Perform patch management for open source software: manually apply patches for products that lack automated updates, or install updates automatically via scripts.
- Manage open source software to avoid security vulnerabilities associated with specific ports, and ensure it is compatible with the existing network security architecture.
- Change all default security settings when open source software is installed to keep out hackers, and upgrade its built-in access management systems.
- Use security auditing software, such as tools from Ounce Labs Inc., to scan for security vulnerabilities.
Read the full article at SearchSMB.