Software Quality: The Problem with Ignoring the Open Source Quality


Software quality, thanks to the open source Heartbleed bug, was thrown into the limelight this year as the world realized how unsecured the IT services they use daily actually are.

Blind trust in Open Source Software Quality?
However, while enterprise IT organizations have come to realize the benefits of using open source, blindly trusting the open source community to catch every mistake in the code is not a sound business decision, and quite frankly, unfair towards open source developers.

You can find open source code all over business applications -- in web servers running Linux and Apache, in databases, in mobile operating systems, and in enterprise-grade code libraries. The problem is that, while enterprise developers cut and paste code into their applications to keep up a breakneck velocity, they can’t accurately assess what kinds of vulnerabilities are present in the code.


Securing open source
To help make sense of this software development catch-22, our own Lev Lesokhin spoke with CSO Online about how large IT organizations can secure their business-critical applications from known vulnerabilities and shoddy software quality. Be sure to check out the article here.

How are you checking software quality of open source?
How are you using open source software in your organization? And are you taking the proper steps to secure it? If not, you could be leaving your organization’s IT vulnerable to countless attacks and slowdowns.

Trust but verify open source software quality
CAST offers a solution for analyzing open source (and customer code) software quality and regaining control of your application. If unscrupulous code is taking away from organization performance or increasing costs, it is time to consider further analysis to identify these problems long before they cause extensive infrastructure damage.

Learn how to improve your bottom line with software intelligence generated by CAST. Click here for a free demo.
