Language Selection

English French German Italian Portuguese Spanish

Security of open-source software again being scrutinized

Filed under
OSS

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.

rest here




More in Tux Machines

today's howtos

Leftovers: Gaming

Red Hat and Fedora

Canonical and Ubuntu

  • OpenStack Solution Provider Awnix Joins Canonical's Cloud Partner Programme
    Canonical has been excited to announce that Awnix, an OpenStack solution provider with over 25 years of experience designing systems for enterprise data center environments, has joined its Partner Reseller Programme for cloud solutions.
  • Docker Has No Plans to Ditch Ubuntu in Favor of Alpine Linux - Report
    If you've been reading the news lately, you may have heard rumors that Docker founders hired the developer of Alpine Linux, a small, text-based distribution, to move the official Docker images away from the Ubuntu infrastructure.
  • More Android Vendors Said To Be Eyeing Ubuntu Phones This Year
    A greater number of Android smartphone/tablet vendors are said to be eyeing Ubuntu Phone for new devices later this year. In an interview published this morning by The Register, Canonical CEO Jane Silber talked about their communications with more (unnamed) Android vendors and supposedly seeing some other vendors offering Ubuntu Phone products later in 2016.