Security of open-source software again being scrutinized

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, although the Java-based Spring Framework was criticized by security researchers in January as having a major flaw that allowed remote-code execution by attackers against applications built with it, the updates to Spring this week don't address this security problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.
