
Security of open-source software again being scrutinized

Filed under: OSS

A recent round of flaws discovered in open-source software has reignited concerns that security is getting bypassed in the rush to continue expanding the large and extremely popular code base used by millions.

For instance, security researchers reported in January that the Java-based Spring Framework had a major flaw allowing attackers to execute code remotely against applications built with it, yet the Spring updates released this week do not address that problem.

"Unfortunately, this is the way a lot of open source vulnerabilities go," said Jeff Williams, CEO at Aspect Security, which pointed out two months ago that the "expression-language" feature in Spring should be disabled until the issue related to potential remote code execution is remediated. But the updates to Spring out this week don't address this problem, though they do expand Spring functionality. Spring Framework is managed under SpringSource, a division of VMware.
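As an added illustration of the workaround Williams refers to (this is not code from the article or from SpringSource), the deployment-descriptor setting below switches off Spring's JSP expression-language support for a whole web application, so Spring tag attributes are no longer evaluated a second time. The parameter name springJspExpressionSupport is assumed from Spring's own documentation rather than taken from this page; confirm it against the Spring version you run.

```xml
<!-- web.xml: disable Spring's JSP EL support application-wide -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <context-param>
    <!-- parameter name assumed from Spring's documentation, not from the article -->
    <param-name>springJspExpressionSupport</param-name>
    <param-value>false</param-value>
  </context-param>
</web-app>
```

This is a blanket switch: any JSP that relied on ${...} inside Spring tag attributes must be reviewed after enabling it.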

rest here