Security of open-source software again being scrutinized

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.
