Most Open Source E-Commerce Apps Fail PCI Compliance

by Adam Lovinus April 28, 2017

Apparently e-commerce companies are really bad about using open source software with known vulnerabilities. In one industry audit, 83 percent of the applications used in online retail were identified as “high” risk for criminals to exploit.

All this according to Black Duck Software, maker of security and compliance products used in open source development. The company audited 1,071 open source applications used in business for its 2017 Open Source Security and Risk Analysis report and found egregious security oversights in the vast majority of online retail portals.

Information superhighway to the danger zone

The open source development model associates readily with reliability, agility, and security, which, for the most part, represents the open source movement in a fairly accurate light. You can save a bunch of money on proprietary licensing and crowd-source a good deal of development, too. Here comes the “big but”—most commercially deployed open source software isn’t as secure as you think.

In fact, two-thirds of open source applications used in business have known vulnerabilities. More than half of those vulnerable apps are rated as “high” severity by the National Institute of Standards and Technology (NIST). They’re not written in obscure languages and frameworks, either—Linux Kernel v2.6.27.7 and PHP v4.0.0 were the two most frequently identified in the report.

Most vulnerable languages / frameworks for e-commerce apps

Source: 2017 Open Source Security and Risk Analysis, Black Duck Software

The vulnerabilities mentioned in the report tie back to PCI DSS compliance, the rules that credit card companies use to govern card payments. Most, if not all, apps marked in the report as “vulnerable” break PCI DSS requirement #6.

10 PCI DSS Requirements

Source: pcisecuritystandards.org

Patch and update mandates are required for PCI compliance

Developers that build open source applications do have licensing obligations under the GNU General Public License (GPL). As it pertains to security, under GPL, a developer that modifies and distributes open source software must disclose the modifications before distributing on StackExchange, GitHub, or other channels. This is so recipients know they are working with an altered variant of the original software, making it clear that patch and update procedures may differ from those associated with the original application.

Less than half (45%) of the audited open source software complied with GPL rules. As a result, a good number of open source “unknowns” wind up in commercial use. These create problems with patch and update procedures; known exploits go unfixed and companies become easy targets.
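The failure mode described in this section and the one above is an inventory problem: components at versions long past their patch window (the report's Linux 2.6.27.7 and PHP 4.0.0) and locally modified copies that upstream patches no longer apply to. The following script is an added example, not code from the article or from Black Duck's report. It audits a constructed component inventory against a constructed minimum-version policy (the thresholds are assumptions chosen for the example, not published end-of-life dates) and flags anything that would fall foul of a patch-and-update obligation or that carries an unreviewed local modification.

```python
"""Audit a component inventory for out-of-policy open source versions.

Added example (not from the article or from Black Duck). It checks a
constructed inventory of the components behind an e-commerce deployment
against a constructed minimum-version policy and reports components that
are older than policy allows or that are locally modified / vendored copies,
since those will not follow the upstream patch-and-update procedure.
"""
import re
from dataclasses import dataclass

# Constructed policy (assumption for the example): the oldest version of each
# component that a hypothetical security team still accepts.
MIN_VERSION = {
    "linux-kernel": "4.4.0",
    "php": "7.0.0",
    "openssl": "1.0.2",
    "jquery": "3.0.0",
}

# Constructed inventory in "name version source" form. The two versions named
# in the article (Linux 2.6.27.7, PHP 4.0.0) are included deliberately.
INVENTORY = """\
# name          version        source
linux-kernel    2.6.27.7       distro
php             v. 4.0.0       distro
openssl         1.0.2k         distro
jquery          3.3.1-custom   vendored
nginx           1.14.0         distro
"""


@dataclass
class Finding:
    component: str
    version: str
    reason: str


def parse_version(text):
    """Turn '2.6.27.7', 'v. 4.0.0' or '1.0.2k' into a tuple of ints.

    Anything after a '-' (a local '-custom' tag) and non-numeric suffixes
    (the 'k' in OpenSSL's 1.0.2k) are ignored for the numeric comparison;
    local modification is detected separately in audit().
    """
    numbers = re.findall(r"\d+", text.split("-")[0])
    if not numbers:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(n) for n in numbers)


def version_below(found, minimum):
    """True when `found` is older than `minimum`.

    Tuples are zero-padded to equal length so that '1.0' compares equal to
    '1.0.0' rather than sorting below it.
    """
    a, b = parse_version(found), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory_text, policy):
    """Return a list of Findings for every out-of-policy inventory line."""
    findings = []
    for line in inventory_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        # The version field may itself contain a space ("v. 4.0.0"), so take
        # the first token as the name, the last as the source, and join the rest.
        fields = line.split()
        name, source = fields[0], fields[-1]
        version = " ".join(fields[1:-1])

        minimum = policy.get(name)
        if minimum is not None and version_below(version, minimum):
            findings.append(Finding(name, version, f"below policy minimum {minimum}"))

        if "-custom" in version or source == "vendored":
            findings.append(Finding(
                name, version,
                "locally modified or vendored copy; upstream patch procedure does not apply"))
    return findings


if __name__ == "__main__":
    for f in audit(INVENTORY, MIN_VERSION):
        print(f"{f.component:<14} {f.version:<14} {f.reason}")
```

Running it lists the kernel and PHP entries as below policy and the vendored jQuery copy as a component whose patching must be tracked by hand; OpenSSL 1.0.2k and nginx pass. The same loop works over a real software bill of materials once the inventory text is exported in this three-field form.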

Suggested practice for open source e-commerce app development

The smart move is to build outward-facing applications that handle data protected by PCI DSS—customer information, transactional data, payment processing, and business intelligence—from GPL-compliant source code only.

If you’re looking for a suggestion, check out JBoss Developer Studio, Red Hat’s reputable middleware toolset for Red Hat Enterprise Linux (RHEL). It is a subscription-based open-source toolset designed for PCI DSS-compliant app development, and Red Hat publishes security patches and advisories for it several times a week.

Don’t forget the firewall

Whether you’re hosting an e-commerce domain on your own servers or in the cloud, you need a business-class firewall to segment your network as PCI DSS requires. New firewalls and UTMs combine a proxy level of control with the speed of a packet filter.

Find and compare the best firewalls and security appliances rated by NeweggBusiness customers.

Adam Lovinus

A tech writer and Raspberry Pi enthusiast from Orange County, California.