Open Source Security
The risks from unknown security vulnerabilities and quality bugs in
open source code pose a problem for consumers of open source software
and for the open source community.
Fortify has developed an open source security initiative, called Java
Open Review, which identifies and reports bugs and security vulnerabilities
in widely used Java open source software. To learn more, click here.
To download Fortify's Open Source Security Study, click here.
Reports
- Download the Open Source Security Study Today
- Fortify's Open Source Security Study reveals that the most widely used open source software packages for the enterprise are exposing users to significant and unnecessary business risk. Click here to download this ground-breaking study.
White Papers
- Security Analysis of Critical Java-based Open Source Applications
- The use of open source software (OSS) is growing rapidly. While cost is a
significant factor, the reliability of several OSS packages illustrates that
a low price tag is not the only driver. Download White Paper (Registration required)
Webcasts & Videos
- Open Source Security
- Fortify Software’s Chief Scientist Dr. Brian Chess shows that open
source developers cannot rely on the “many eyeballs” method to
ensure security. Watch Video (ZDNet Video: 1:54 mins)
- A CISO's Guide to Securing Open Source Software
- For a CISO, open source introduces a new source of risk and a unique security challenge: how do you influence developers over whom you have no direct management control? Jennifer Bayuk, former CISO of Bear Stearns, provides insight on best practices for evaluating, deploying and managing open source code. Watch Video (Registration required)