New EC open source security audit poll: Respondents recommend EC to focus on Linux, OpenSSL and Firefox

How can the EU help open source communities

Published on: 19/03/2020 News Archived

A record number of respondents to a recent EU-FOSSA 2 survey want the European Commission to audit Linux, OpenSSL and OpenSSH on servers. For PC workstations, respondents want the EC to boost the security of Firefox, Java, and GnuPG. In addition, respondents say the EC should support university teachers and professional developers to increase the security of open source.

In the first part of the survey, respondents were asked what the EU can do to help developers make more secure software. The questions in the second part focused on the security of free and open source software. As a result, the survey provided knowledge about the current needs of the open source community.

How can the EU help?

A large percentage of respondents believe the best way for the EU to help open source communities increase the stability of their code is by supporting and sponsoring them to work on specific aspects of their code. That will benefit both the EU and open source communities. Hackathons and conferences were the second favourite choice.

The best way for the EU to get closer to open source communities is by contributing code and participating in software development, respondents agree. Also, the EU should be directly in touch with developer communities and aware of their challenges.

Furthermore, the community advocates that the EU should become a member or join the board of open source organisations. A significant share of developers who responded believes that the EU should carry out more code audits.

Which software to audit?

Which are the most critical server software and the most critical PC workstation software to scan for security issues?

Top 5 server software to audit, by order of demand: Linux, OpenSSL/pyOpenSSL, OpenSSH, gitBC and curl.

Top 5 workstation software to audit, by order of demand: Firefox, Java, GnuPG, KeePass and VLC.

As a recommendation, respondents called on the European Commission to support universities EU-wide: fund teachers to work with EU scholarship holders and sponsor university programmes to include security audits as part of the computer science curriculum. It was also suggested that the use of open source in European institutions should be increased and that the use of open source software in the EU should be promoted in public institutions, schools, and government offices.

Results of the previous survey

The previous survey, held back in June 2016 as part of the EU-FOSSA 1 initiative, resulted in a single top 5 list of software to audit: KeePass, Apache HTTP Server, VLC Media Player, Linux and MySQL.

Would you like to know the full results of the survey? Contact us via email.

 

EU-FOSSA Developers survey Infographic