Facilitating the spread of knowledge and innovation in professional software development



Choose your language

InfoQ Homepage News Collaboration Tools Free - But Vulnerable

Collaboration Tools Free - But Vulnerable

For the classic Extreme Programming team, developers and their customer all work daily in the same room. But other methodologies are less stringent, and even XP teams sometimes need to find compromises when organizations exist across multiple campuses, or continents. Enter collaborative technologies - where they are allowed.

Many organizations are nervous about user-installed software, and publish rules banning unapproved installation. Some actually block non-sanctioned installation, and perhaps justifiably: Bit9, Inc., whose technology solves the problem of unwanted software on the desktop has compiled a list of the top applications with known security vulnerabilities, including applications frequently downloaded by individuals (and thus perhaps not sanctioned by the enterprise) and not classified as malicious. Each has at least one critical vulnerability, and relies on the end user, not the corporate IT department, to manually patch or upgrade to fix bugs.

Collaborative software commonly used by Agile teams, either with their customers or with distant team members, do appear on the list:

3.   Skype 1.4
7.   AOL Instant Messenger 5.5
8.   Microsoft Windows/MSN Messenger 5.0
9.   Yahoo Instant Messenger 6.0
15. ICQ 2003a

View the full list on's site. 

Hmmm.  What's on your desktop?
We need your feedback

How might we improve InfoQ for you

Thank you for being an InfoQ reader.

Each year, we seek feedback from our readers to help us improve InfoQ. Would you mind spending 2 minutes to share your feedback in our short survey? Your feedback will directly help us continually evolve how we support you.

Take the Survey

Rate this Article


Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • ... but most of them are already offering patches

    by Alex Popescu,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    I find this very interesting: most of the software included in the list are already providing patches/fixes for the reported vulnerabilities. And afaik, most of them are having quite a good release schedule, so there are great chances these problems are fixed very quickly.

    .w( the_mindstorm )p.

  • Re: ... but most of them are already offering patches

    by Deborah (Hartmann) Preuss,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    I guess the issue for enterprises is: installing such patches (or new versions) is up to the employee, not a systematic or highly reliable method for protection of corporate assets.

  • Re: ... but most of them are already offering patches

    by Noah Campbell,

    Your message is awaiting moderation. Thank you for participating in the discussion.

    That's why most corporations block IM protocols at the network level. Secure IM is possible, but not from the IM's listed above. Jive Wildfire ( supports secure communication between client and server.


Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p


Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.