Security company Qualys has released a new open source tool, 'BlindElephant', which can accurately fingerprint web applications down to version level in order to better manage the security issues which now plague such software. According to the company, the need for such a tool is pressing.

Open-source code is more prone to severe flaws than commercial software, but bugs get fixed more quickly, according to revealing new research from application security firm Veracode.

"Could enterprises' rapid adoption of Linux and open source software mask a hidden challenge for IT managers?...If you believe the latest research from Westport, Conn.-based Saugatuck Technology Inc., the answer could be yes; the substantial growth of open source software over the past few years now presents a double-edged sword, the firm said in a recent report..."

...If you are a FLOSS enthusiast, are you ready to start supporting closed source systems if research shows that the closed development method in fact produces better software? For example, security expert Steve Gibson recently argued persuasively on his podcast that there is no real difference in security between the closed and open source software development methodologies...

Network Security Toolkit is one of many live CD Linux distributions focusing on network monitoring, analysis, and security. NST was designed to give network security administrators easy access to a comprehensive set of open source network applications, many of which are among the top 100 security tools recommended by insecure.org.

MANILA, Philippines -- Security is the number one reason why end-users deploy open-source software, according to a recent survey by research analyst IDC.

The Standish group recently completed an extensive study that examines factors influencing open-source adoption. Based on five years of research and analysis, the report provides intriguing insights into open-source adoption levels and the way that open source is reshaping the software industry.

Many companies are beginning to see the intrinsic value of open source software for the enterprise but as businesses piecemeal solutions together from a variety of options, it's easy to lose track of each app's updates and revisions -- leading to potential security issues from unknown or undocumented code.

To help developers audit Web application security, Google has released an open source tool called ratproxy. It is a non-disruptive tool designed for Web 2.0 and AJAX applications that produces an easy-to-read report of potential exploits.