
Jessica Dodson

I agree that open source does not automatically equal at-risk. As long as you know that you can trust the individual components of your open source software/program you can be relatively sure that the final product is equally secure. It doesn't have to be "wait and solve" when you can build it right from the get-go.


I totally agree with you. If you are selling software that you claim is secure, well then you should make sure that it is secure; surely that is part of the process.
