YOUR FEEDBACK
Jeremy Geelan wrote: In response to inquiries and suggestions from readers this lexicon has recently...
Aug. 29, 2008 03:23 AM
Did you read today's front page stories & breaking news?
SYS-CON.TV: SOA Power Panel Live From Times Square


2008 East
DIAMOND SPONSOR:
Data Direct
Frontiers in Data Access: The Coming Wave in Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
Intel
Virtualization – Path to Predictive Enterprise
Green Hills
IT Security in a Hostile World
JBoss / freedom oss
Practical SOA Approach
GOLD SPONSORS:
Software AG
The Art & Science of SOA: How Governance Enables Adoption
PlateSpin
Effective Planning for Virtual Infrastructure Growth
Fujitsu
Automated Business Process Discovery & Virtualization Service
Ceedo
Workspace Virtualization
Click For 2007 West
Event Webcasts

2008 East
PLATINUM SPONSORS:
Appcelerator
Think Fast: Accelerate AJAX Development with Appcelerator
GOLD SPONSORS:
DreamFace Interactive
The Ultimate Framework for Creating Personalized Web 2.0 Mashups
ICEsoft
AJAX and Social Computing for the Enterprise
Kaazing
Enterprise Comet: Real–Time, Real–Time, or Real–Time Web 2.0?
Nexaweb
Now Playing: Desktop Apps in the Browser!
Sun
jMaki as an AJAX Mashup Framework
POWER PANELS:
The Business Value
of RIAs
What Lies Beyond AJAX?
KEYNOTES:
Douglas Crockford
Can We Fix the Web?
Anthony Franco
2008: The Year of the RIA
Click For 2007 Event Webcasts
SYS-CON.TV
TOP THREE LINKS YOU MUST CLICK ON


Open Source News Desk
Application Security for Open Source - The New Frontier
Building a partnership between security and engineering teams

By: Theresa Bui-Friday
May. 23, 2008 02:15 PM

Hybrid applications made up of proprietary, open source and third-party components are the result of today’s fast-paced and complex software development landscape. Applications developed within the last five years – whether internal or external – are at least 50% open source software (OSS) and third-party components. Of that amount, over one-third of it is undocumented. What were once purely proprietary applications are now complex code mashups. It’s safe to say that open source is everywhere – it’s woven throughout your enterprise network whether or not you are aware of it.

IDC Research has called the use of open source “the most significant, all-encompassing and long-term trend that the software industry has seen since the early 1980s.” [1] The study also revealed that open source was being used by 71% of worldwide developers, and was in production at 54% of their companies. Although upper management has only recently signed off on its use, developers have long understood that open source is the fastest (and cheapest) path to software innovation.

For good reasons, developers have been coding around OSS components for many years – it’s extremely accessible, it’s collaborative, and it’s free. While OSS offers clear benefits to application development, it also poses unique challenges to application security.

The sheer size of an application code base coupled with the number of contributing developers makes it nearly impossible for companies to get accurate documentation of OSS inventory and usage. Without this information, security vulnerabilities, copyright violations, and license requirements often go unnoticed. Undocumented code represents a significant gap in application security coverage that can lead to:

  • Loss of critical customer data
  • Release or theft of corporate confidential information
  • Emergency remediation to resolve license obligations
  • Financial loss due to legal action, fines, and/or product rework
  • Disruption of service
Published May. 23, 2008— Reads 8,989
Copyright © 2008 SYS-CON Media. All Rights Reserved.
About Theresa Bui-Friday
As VP of Product Marketing, Theresa Bui-Friday is responsible for Palamida's positioning, core communications content, go-to-market initiatives, and press and analyst relations team. She has over 12 years' of expertise in the software industry with a focus on emerging technology. Prior to Palamida, Theresa was Director of Strategic Marketing at Cacheon. She was also Director of Enterprise Marketing for Embark.com, which is now Princeton Review, where she held global responsibility for product marketing of the enterprise product lines, including competitive and market evaluation, strategic planning and outbound marketing programs.

LATEST JAVA STORIES & POSTS
By Ravi Kumar
What's the key to team and individual developer productivity in maintaining and extending a large application? Let’s start by making the following assertions: A developer's knowledge of an application code base is likely the single biggest factor of individual productivity. Cor...
By Maha Sengottiyan
An applet, a Java program that runs in a browser, often has to access the client resources. However, the security manager prevents an applet from accessing client resources. To access client resources, the applet has to have the proper permission. With this permission the applet ...
By Prabhu Balashanmugam; Yanbing Lu
Three-letter acronyms (TLAs) are hardly new in Information Technology: EAI, ESB, SOA, BPM, BAM, ETL, MDM; the list goes on and on. This article is about yet another three-letter acronym, EDA, which stands for Event-Driven Architecture. EDA is not a brand new technology, but rathe...
By Eclipse News Desk
Furthering its dedication to providing Java developers productivity with choice, Oracle announced the Oracle Enterprise Pack for Eclipse, a new component of Oracle Fusion Middleware. This release marks the first free Eclipse 3.4 environment to support Oracle WebLogic Server 10g R...
By RIA News Desk
Two of the biggest launches in Rich Internet Application history took place in 2007/2008 when Adobe launched AIR 1.0 in February '08 and Microsoft launched Silverlight (September '07). At the 6th International AJAXWorld RIA Conference & Expo in October SYS-CON Events is delighted...
By Virtualization News Desk
Red Hat CTO Brian Stevens, Citrix CTO Simon Crosby, Egenera CTO Pete Manca, Allen Stewart, Group Manager, Windows Virtualization at Microsoft, and Brian Duckering, Sr. Director of Products and Alliances at Symantec were the top industry executives who joined Jeremy Geelan in the ...
SUBSCRIBE TO THE WORLD'S MOST POWERFUL NEWSLETTERS
SUBSCRIBE TO OUR RSS FEEDS & GET YOUR SYS-CON NEWS LIVE!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021

SYS-CON FEATURED WHITEPAPERS

MOST READ THIS WEEK
By Aristo Togliatti
By Jay Blanton
By Patrick Curran
By Java News Desk
By Maureen O'Gara
By Alex Bakman
By Joe Winchester
By Rajagopal Marripalli
By Java News Desk
By Java News Desk
By Adrian Marriott
By Java News Desk
SPONSORED BY INFRAGISTICS
There are many forces that influence technological evolution. After a decade of building enterprise ...
Jun. 30, 2008 03:45 PM
2008 is going to be an important year for Rich Internet Applications. Most organizations are deliver...
Jun. 20, 2008 12:45 PM
The OpenAjax Alliance is developing an Ajax industry wishlist for future browsers, using a dedicated...
Jun. 18, 2008 07:45 PM
In every field of design one of the first things students do is learn from the work of others. They ...
Jun. 11, 2008 10:30 AM
Infragistics announced the availability of two Community Technology Preview (CTP) User Interface (UI...
Jun. 4, 2008 08:00 AM
The YUI development team has released version 2.5.2; you can download the new release from SourceFor...
Jun. 2, 2008 05:00 AM
ADS BY GOOGLE
BREAKING JAVA NEWS

SpringSource, a leading provider of infrastructure software and the company behind ...

Aug. 27, 2008 08:13 AM