Thanks Vitaly! It's true that many license compliance tools are now taking security into account, which is an interesting development.
Also on topic: https://www.esmt.org/sites/default/files/dsi_ipr5_engl-dt.pdf Best, Hugo ↪ Vitaly Repin / août 14, 2017 12:11:
Hello, I think I have to add my 5 cents. There are commercial (ironically proprietary) products on the market which analyze the software and build a list of open source dependencies. Then, based on this list of open source dependencies, they build a list of vulnerabilities which might be presented in the analyzed software. Example of such tool: https://www.blackducksoftware.com/solutions/application-security (Check "Manage Open Source vulnerabilities") 2017-07-26 23:51 GMT+03:00 Hugo Roy <h...@fsfe.org>:Thank you Bastien, this is interesting and helpful. Does anyone has interesting articles about recent vulnerabilities discovered in free software? Best, Hugo ↪ Bastien Guerry / juillet 26, 2017 15:50:Hi Hugo, Hugo Roy <h...@fsfe.org> writes: Any case studies on how the world dealt to react quickly and updatesystems in reponse to Heartbleed for instance?I remember blackduck had some reports comparing FLOSS/non-FLOSS with respect to their security, I found this, but I’m sure there are more detailed documents: https://info.blackducksoftware.com/rs/872-OLS-526/images/OSS AReportFINAL.pdf Also, a bit older, but with more data: http://go.coverity.com/rs/157-LQW-289/images/2014-Coverity-S can-Report.pdf I’m not a specialist at all, and all these sources must be read with a grain of salt, because authors are often not neutral. HTH, -- Bastien_______________________________________________ Discussion mailing list Discussion@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/discussion-- WBR & WBW, Vitaly
pgpxittpAbapy.pgp
Description: PGP signature
_______________________________________________ Discussion mailing list Discussion@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/discussion