[News] Microsoft Puppet Fortify Attacks FOSS

Fortify jumps on the Meta open source bandwagon

| Were they, rather, suggesting it might be useful to take a look at stuff 
| like, you know, GNU/Linux, Apache, MySQL? That was more the impression I got. 
| And is this covered in the slightest by the Fortify Software report? No, I 
| thought not.   
| In other words, the current press release is extrapolating from some old 
| research on 11 Java packages to the entire open source ecosystem.  
| [...]
| Well, I'd say it's highly questionable whether Fortify Software has thought 
| this issue through before criticising the Tory party for *supporting* open 
| source.  


Fortify are friends of the criminals from Redmond, which makes them no better.



| Microsoft and Fortify Software are enabling software developers and testers
| to build and deliver more secure applications. Visual Studio 2005 Team
| Edition for Software Testers offers an easy-to-use yet powerful framework for
| testing. Fortify leverages this infrastructure and adds Web application
| security testing capabilities. The combination of the two effectively brings
| basic security testing out of the realm of specialized experts and into the
| hands of software testers. In addition, Fortify provides its award-winning
| source code analysis capabilities to Visual Studio Team Edition for
| Developers so security flaws discovered in development and testing can be
| diagnosed and fixed quickly. Working closely with the Visual Studio team has
| enabled Fortify Software to incorporate its innovative software security
| capabilities within the powerful Visual Studio...



Ingres gives Fortify security study a good fisking

| Her main points:
|    1. There are other security toolkits other than Fortify. Just because you
|       don’t use their system doesn’t mean you don’t care.
|    2. When reading vendor-sponsored studies consider the source. Always a
|       wise move.
|    3. Open source projects in Fortify’s Open Review report fewer defects per
|       thousand lines of code than proprietary products in the same review. I
|       didn’t know that.

