Language Selection

English French German Italian Portuguese Spanish

Security of open-source software again being scrutinized

Filed under
OSS

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.

rest here




More in Tux Machines

Today in Techrights

Linux and Graphics

today's howtos

Ubuntu 16.04.2 LTS Delayed Until February 2, Will Bring Linux 4.8, Newer Mesa

If you've been waiting to upgrade your Ubuntu 16.04 LTS (Xenial Xerus) operating system to the 16.04.2 point release, which should have hit the streets a couple of days ago, you'll have to wait until February 2. We hate to give you guys bad news, but Canonical's engineers are still working hard these days to port all the goodies from the Ubuntu 16.10 (Yakkety Yak) repositories to Ubuntu 16.04 LTS, which is a long-term supported version, until 2019. These include the Linux 4.8 kernel packages and an updated graphics stack based on a newer X.Org Server version and Mesa 3D Graphics Library. Read more