Open source has always left so many questions unanswered on whether your comfort level for software security is high or you have sleepless nights.<\/p>\n
The keys for open source have the following open questions, can someone else view the source and modify it \u00a0or do you rely on internal software developers fix the security flaws. \u00a0 Open source is mostly freely written software by developers who love to write software code and do not mind submitting their projects for all to use.<\/p>\n
When using open source, the internal developers need to test the piece out and whether it can be used in the production systems. \u00a0It is up to the developer to test the code on a machine that can be safely removed from production. \u00a0After the testing \/ QA phase the software can then be released into production.<\/p>\n
The one key piece of the above paragraph is that the word testing is involved. \u00a0There are quite a few developers that tend to think they can incorporate their code as well as open source into a production system without even testing it. \u00a0Those are the companies that tend to write terrible, buggy nonsense and could open up lawsuits due to the damages incurred by their clients.<\/p>\n
<\/p>\n
<\/p>\n
How do I secure the Open Source code that i download ?<\/strong><\/p>\n Download only from a trusted source. \u00a0You should be able to grab code from GitHub or a download center that you can trust but if you think you can download a piece of code from any FTP or WEB server, you open up the door for anything to happen. \u00a0As described in the terminator, you are the virus.<\/p>\n You have the option to insert or update the open source when a patch \/ upgrade is released. \u00a0That is one way but if you think about it, you have the internal developer who should be able to update the code themselves otherwise what is the point you might as well hire the open source developer.<\/p>\n <\/p>\n Maintain security on your software by simply locking down the production release and update only when you have QA\/test the application in a test environment. \u00a0You need to make sure that your internal developer understands the legal aspect as well when using the open source in a commercial product.<\/p>\n So using open source is not bad but you need to make sure you read the code and any document associated whether you have the legal right to use it in a major distribution.<\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" How to handle Open Source Software and Security. Open source has always left so many questions unanswered on whether your comfort level for software security is high or you have sleepless nights. The keys for open source have the following open questions, can someone else view the source and modify it \u00a0or do you rely […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rop_custom_images_group":[],"rop_custom_messages_group":[],"rop_publish_now":"initial","rop_publish_now_accounts":[],"rop_publish_now_history":[],"rop_publish_now_status":"pending","_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[11],"tags":[16,21,20,7,13,22,47,8,29,28,15,37,6,24],"class_list":["post-467","post","type-post","status-publish","format-standard","hentry","category-pc-tips-bits-bytes","tag-apple","tag-computers","tag-delphi","tag-development","tag-embarcadero","tag-google","tag-idera","tag-lazarus","tag-linux","tag-mac","tag-microsoft","tag-rapid-sql","tag-software","tag-windows-10"],"yoast_head":"\n