
Top FOSS security vulnerabilities


Palamida, the San Francisco company that helps companies audit their use of open source software, has released a list of what it calls "the top five most overlooked open source vulnerabilities." Palamida has added five more vulnerabilities to this list exclusively for Linux.com.

The list is partly a promotion of Palamida's Vulnerability Reporting Solution, which recently added 431 security alerts based on National Vulnerability Database listings. However, the list is also designed to draw attention to the lax practices surrounding the use of open source software in business, according to Theresa Bui, co-founder and vice president of marketing at Palamida.

To be precise, the vulnerabilities on the list are based on Palamida's audits of its clients. These audits vary from scans of a few hundred megabytes of code to hundreds of gigabytes in a company's complete software infrastructure. The list summarizes the results of scanning 3-5 million lines of code, representing a minimum of 30% of a company's software assets and, more often, at least 50%.
