-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fortify jumps on the Meta open source bandwagon
,----[ Quote ]
| Were they, rather, suggesting it might be useful to take a look at stuff
| like, you know, GNU/Linux, Apache, MySQL? That was more the impression I got.
| And is this covered in the slightest by the Fortify Software report? No, I
| thought not.
|
| In other words, the current press release is extrapolating from some old
| research on 11 Java packages to the entire open source ecosystem.
|
| [...]
|
| Well, I'd say it's highly questionable whether Fortify Software has thought
| this issue through before criticising the Tory party for *supporting* open
| source.
`----
http://www.computerworlduk.com/community/blogs/index.cfm?entryid=1834&blogid=14
Fortigy are friends of the criminals from Redmond, which makes them no better.
Recent:
FORTIFY-MICROSOFT ALLIANCE
,----[ Quote ]
| Microsoft and Fortify Software are enabling software developers and testers
| to build and deliver more secure applications. Visual Studio 2005 Team
| Edition for Software Testers offers an easy-to-use yet powerful framework for
| testing. Fortify leverages this infrastructure and adds Web application
| security testing capabilities. The combination of the two effectively brings
| basic security testing out of the realm of specialized experts and into the
| hands of software testers. In addition, Fortify provides its award-winning
| source code analysis capabilities to Visual Studio Team Edition for
| Developers so security flaws discovered in development and testing can be
| diagnosed and fixed quickly. Working closely with the Visual Studio team has
| enabled Fortify Software to incorporate its innovative software security
| capabilities within the powerful Visual Studio...
`----
http://www.microsoft.com/windowsserversystem/applicationplatform/launch2005/partners/fortify.mspx
Recent:
Ingres gives Fortify security study a good fisking
,----[ Quote ]
| Her main points:
|
| 1. There are other security toolkits other than Fortify. Just because you
| don’t use their system doesn’t mean you don’t care.
| 2. When reading vendor-sponsored studies consider the source. Always a
| wise move.
| 3. Open source projects in Fortify’s Open Review report fewer defects per
| thousand lines of code than proprietary products in the same review. I
| didn’t know that.
`----
http://blogs.zdnet.com/open-source/?p=2691
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmLqwMACgkQU4xAY3RXLo6VIQCgpPTLyfTCQXHKwagEuISfbpJg
K1wAn1VxpYbm5M1kg6QzGqBB+mG35uw9
=gO9W
-----END PGP SIGNATURE-----
|
|
