Reply to post:

Apache Foundation rebuffs allegation it allowed Equifax attack

Anonymous South African Coward Silver badge

Companies utilizing Open Source can do, nay, MUST do the following :

- Contribute to OSS by either assigning a programmer/team (on their side) to check for vulnerabilities, or either do a donation on a monthly basis. You won't like it when you're asked to work but won't be getting paid for it.

- Recognize the need for thorough pen testing, especially if most of your services are on publicly-accessible servers, and have sensitive data or personal information, no matter whether you use M$, Sun, Oracle, Hillbilly or whatever software. Vulnerabilities will exist (incorrect configuration, software bugs etc etc), and it is up to you to make sure you have migitated all of them.

- Oh, and last, but not least, plan for when a pwnage will occur, what you will do, who will be responsible to sort that mess out, press/social media responses etc etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022