Mozilla issues root certificate security warning; then rescinds warning

The incident is a clear illustration of the security problems associated with using open source software – such as the Firefox browser from Mozilla – rather than its commercial peers, Infosecurity notes.

And application vulnerability specialist Fortify agrees, but notes that, whilst this tilts the balance in favour of Microsoft Internet Explorer, there are known security issues associated with that internet client application.

Richard Kirk, European director with Fortify, argues that the saga highlights the fact that open source software must be tested for security vulnerabilities – and fixed – before it is used in any business.

"In all software development, there is a trade-off between convenience and taking appropriate security measures, but it's situations like the one with Firefox that highlight the fact that open source software has – generally speaking – more issues than commercially developed applications", he said.

"Having said that, there are tremendous cost savings, as well the widespread availability of plug-ins, that open source software brings to the business table. This means that, with good security testing in place, a major company can still use open source and save money at the same time", he added.

Kirk went on to say that one important feature of open source software is that it can often be ruggedised, that is, made more suitable for commercial deployments, using a security testing process that ensures the software is more secure.

"The important thing to stress, however, is the need for software security testing to identify and remove vulnerabilities from applications, rather than simply trying to block attacks on software by securing the network", he explained.

What’s Hot on Infosecurity Magazine?