Study: ‘Open source coders mo…

Study: ‘Open source coders more aware of security’

14/10/2016

European institutions should use available security tools more often

Developers of open source software are generally more aware of code security issues than developers working for the European institutions, according to a study conducted on behalf of the European Commission and European Parliament. Developers working for the European institutions have more tools available for management and testing of code security, but using them is not yet standard practice.

Open source developers should have more testing environments, and should perform more security testing, the study recommends.

A chart comparing coding practices of EC/EP software development and free and open source groups

To compare code security methods used by open source communities and software development projects in the European institutions, the study looks at ten segments commonly found in software development, such as project management, release management, software testing, and incident management. For each segment, the report lists conclusions and recommendations. For example: project management is more efficient at the European institutions, and the study recommends that, if possible, free software groups improve in this area.

To shore up software security, the authors suggest that the European institutions and free software groups standardise their security definitions and that both use standard authentication mechanisms.

The report is one of the results of the ‘EU Free and Open Source Software Auditing’ EU-Fossa project, which ends in December. This project will establish a formal process that will let the European institutions contribute the results of their software security reviews back to the open source communities.

More information:

EU-Fossa news item

The content of this field is kept private and will not be shown publicly.