Prepend
2008-07-17
  Open Source Secure Projects
A client I work with mentioned that for high security related projects, that developing them in an open source way will actually decrease the security provided by the project. The idea being that if anyone can see the architecture and code while it is being developed they can prepare to compromise the security. This made sense at the time and I nodded, but after chewing on it for a few weeks I think this is not the case at all.

There is certainly the argument that implementations are not open source. Of course that makes sense as no one will open up the server configs, passwords, private keys, etc. But the actual software that is used within an implementation gets more secure if developed as open source software.

So here's the short list off the top of my head of security related open source projects that are pretty widely used:


Of course others have written on this subject and pretty much conclude that not only does OSS improve a project's security, not being OSS is quite a large vulnerability.

Labels:

 
Comments:
Hi all,

I am working for a software integrator company. My projects includes working on Java and Ruby on Rails and Ajax. I think Web Services is really cool. We also recently have to now work on REST and they are talking about mashups and Struts. Can anyone tell me if there are some good training or conferences so that me and my team members can get to speed with these technologies. Learning from books is not my cup of tea, even not when I was doing engineering ;)

All the help that group members can provide in this regard is much appreciated.

Thanks,
Vaibhavi
 
Hi Vaibhavi,

There are several online resources available that you just google for. If any of your team like to read then quality books from wiley and oreilly cover such technologies in detail.

I also highly recommend you could attend the upcoming Great Indian Developer Summit (http://www.developersummit.com) that is covering Java, Agile, REST, JAX-RS, mashups, .NET, Rich Web, JPA, SOA, rich user experiences, Spring, Groovy and more. They have most of the creators of these technologies as speakers. My team is attending this summit 22-25 apr at IISc campus where we are attending the web conference on April 23 and java on April 24. We have been able to get very good discounts. Maybe all those who are interested from your group can sign up together and get a good bargain from them. what say? I also attended last year's conference and had a really cool time.

In Hyderabad there is Sun Tech Days with some sun speakers.

Thanks,
Anaz
 
Post a Comment



<< Home
Technical and personal notes from Brian Lee, technologist/enterprise architect/software developer/soa guy.

ARCHIVES
February 2005 / March 2005 / April 2005 / May 2005 / June 2005 / July 2005 / August 2005 / September 2005 / October 2005 / November 2005 / December 2005 / January 2006 / February 2006 / March 2006 / April 2006 / May 2006 / June 2006 / August 2006 / September 2006 / October 2006 / November 2006 / December 2006 / January 2007 / May 2007 / June 2007 / August 2007 / September 2007 / October 2007 / April 2008 / July 2008 / January 2009 / May 2009 / June 2009 /
My Photo
Name: Brian Lee
Location: Atlanta, Georgia, United States

 
Web prepend.com






Powered by Blogger