Language Selection

English French German Italian Portuguese Spanish

Security of open-source software again being scrutinized

Filed under
OSS

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.

rest here




More in Tux Machines

EC publishes open source code of legislation editor

The European Commission is about to make available as open source a prototype of LEOS, a software solution for drafting and automatic processing of legal texts. The software currently supports legal texts issued by the EC, yet can be extended to support other legislative processes. Read more

Lenovo ThinkPad L450 comes with Ubuntu

Canonical, the commercial sponsor of Ubuntu, has announced that Lenovo will start shipping Ubuntu preloaded devices starting with ThinkPad L450 laptop series this month. The laptops will be on sale at selected commercial resellers and distributors at Rs 40,000. Read more

Leftovers: Kernel

openSUSE Leap 42 Is a New Version That Will Change the openSUSE Project

The openSUSE community has spoken, and the name and version of the new openSUSE release have been chosen. The project is undergoing some major changes, and they had to illustrate that with a name that sells it. Read more