Enforcing the pyramid of Open Source

The well-known log4j security vulnerability of December 2021 triggered a lot of renewed discussion around software supply chain security, and it has sometimes also been framed as an Open Source-related issue.
This was not the first software component to have a serious security flaw, and it will not be the last.
What can we do about it?
This is the 10,000 dollar question that is really hard to answer. In this post I hope to shed some light on why it is such a hard problem. This comes from my view as an Open Source author and contributor for almost three decades now.
In this post I'm going to talk about security in the sense of how we make our products have fewer bugs in the code we write and land on purpose. There is also a lot to be said about infrastructure problems, such as consumers not verifying dependencies (so that when malicious actors purposely destroy a component, its users don't notice), or supply chain security issues that risk letting bad actors insert malicious code into components. But those are not covered in this blog post!