
Security of open-source software again being scrutinized


A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.
