Additional information and commentary from Veracode Blog:
Google’s Cash Helps To Clean Up Open Source Commons
Open source has worked its way into a stunning array of commercial and free technology products. Now Google is using its bank account to help improve the security of the underlying code.
We’ve talked on this blog before about the conundrum posed by the widespread use of third-party and open source code. On the one hand, third-party code can greatly accelerate application development by sparing software development groups the task of “reinventing the wheel” to implement standard application components. On the other hand, open source and third-party code can contain serious vulnerabilities that easily slip below the radar during quality assurance testing and application audits, because the code is rarely reviewed with the same care as the code a team writes itself.
The problem is serious enough to prompt OWASP to make room on its Top 10 for the use of third-party components with known vulnerabilities. Veracode’s own Chris Wysopal recently argued that the prospect of NSA “back doors” in common technology was a lot less of a privacy concern than run-of-the-mill vulnerabilities in shared code.