Language Selection

English French German Italian Portuguese Spanish

Security of open-source software again being scrutinized

Filed under
OSS

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.

rest here




More in Tux Machines

XFCE 4.12 Released With Several Changes, Install In Ubuntu


xfce 4.12 released install in ubuntu

Xfce is a lightweight desktop environment for UNIX-like operating systems. It aims to be fast and low on system resources, while still being visually appealing and user friendly. After two years and 10 months Xfce sees a newreleaseXfce 4.12 with so many changes.
 

Read At LinuxAndUbuntu

Linux Kernel Developer Work Spaces Video: Tejun Heo, Red Hat

Tejun Heo is a Linux kernel developer and a principal software engineer at Red Hat. In this video he takes us on a tour of his home office and answers a few questions about his work as a kernel subsystem maintainer. Read more

Xfce 4.12 Has Been Officially Released

After two years of hard work, the Xfce development team had the pleasure of announcing a few minutes ago, February 28, the immediate and general availability of the highly anticipated Xfce 4.12 desktop environment for GNU/Linux distributions. Read more

New Tizen Tools Version Released (15.01)

A new version of the Tizen development tools has been released, version 15.01, and it is available on download.tizen.org, including the following: GBS 0.23.2 MIC 0.24.4 REPA 0.3 BMAP-TOOLS 3.3 Read more