Is open source secure?

The answer depends on the combination of all factors involved:
  • for what software?
  • which exact version? (among thousands in some software)
  • what environment?
  • what is the configuration?
  • which other software does it depend on? (and all of the variables for each dependency)
  • what software is using that software as a dependency? (and its variables)

General Considerations

Pros:
  • Your company can review and audit the code.
  • Open Source is a powerful joint collective of some brilliant minds.
  • Sometimes portable.
Cons:
  • Bad actors are out there, and they're reviewing the code and testing attacks.
  • The authors cannot possibly design for every permutation of the variables of use.
  • Architecture-specific source code, and source code specific to an environment, compiler, or library.
  • Often several projects are combined automatically by way of dependencies, resting on assumptions about composites that were never tested.

For any security statement to be made, it must clearly encompass a scope and boundaries.

At PriVerify, we put Foundation First to implement the first solution of its kind.

Our flagship set of solutions is called SECF: Simple Extensible Comprehensive Foundation.

No dependencies.
Packaged into just two files:
  • Application tested to meet or exceed its specs
  • Configuration binary specific to each of your devices/instances
Open source integrations provided:
  • Web Servers (Apache mod_ssl)
  • Delivers Quantum Entropy directly to the Linux kernel
  • Example configurations for many popular platforms
  • Quantum Entropy delivered to each of your systems
  • Time synchronization built-in to the same purpose-specific secure EDP

PriVerify Conjoined Quadrants of Success
