Choice has long been a defining feature of the world of free and open source software, and the constellation of options only gets bigger every year. Often it's brand-new projects causing the increase, but sometimes the growth happens in another way, when tools that were developed for a company's internal use get opened up for all the world to see, use and improve.
That, in fact, is just what has been happening lately on a grand scale in the security arena, where numerous major companies have been opting to open the doors to their own, in-house tools. Google, Facebook and Netflix are all among the companies taking this approach lately, and it's changing the security landscape significantly.
We open with the recent unpleasantness at the Drupal project. The SQL injection vulnerability, while serious, isn’t unusual. It’s actually the most common vulnerability in the world. What made the exploit newsworthy was the very short amount of time between disclosure and widespread exploitation: "if timely patches weren’t applied, then the Drupal security team outlined a lengthy process required to restore a website to health." Basically, you had seven hours to fix it before evil robots descended on your servers.
This isn’t an open source problem, it’s a software management problem.
The new full-disk encryption feature that's enabled by default in Android 5.0 Lollipop comes at a hefty price in terms of performance, according to a recent benchmark report.
In fact, when full-disk encryption is enabled, random read performance drops by 62.9 percent, while random write performance falls by 50.5 percent, AnandTech reported late last week. Sequential read performance, meanwhile, drops by a whopping 80.7 percent.
A group of developers have started writing their own open-source web browser that primarily is designed to increase web privacy and greater security.
Gngr is written in Java to make use of the Java runtime's sandboxing abilities but ultimately they plan to switch over to some other JVM-based language.
While the code has yet to drop on Gngr, it's said to be coming after the initial release.
Those interested in more information on this privacy-focused web-browser can visit Gngr.info.