Open source isn't the security problem – misusing it is
1 min read
Jan 13, 2022
Security is a process, not a product. We're going to be cleaning up Apache Log4j security problems for months to come, but the real problem isn't that it was open-source software. It's how we track and use open-source code.
When security vulnerabilities were found in the extremely popular open-source Apache Log4j logging library, we knew we were in trouble. What we didn't know was just how much trouble we were in. We know now. Just ask the Belgian defence ministry. In this ongoing security disaster, many people blame open source for all our troubles.
In the Financial Times (FT), Richard Waters, the newspaper's west coast editor, wrung his hands, saying it's a "little alarming to discover that, more than two decades into the open-source era, glaring security holes sometimes surprise even the experts."
Related Articles
1 - 0 min read
Linux Kernel 'Make-Me-Root' Flaw Threatens Popular Distros
1 - 0 min read
Millions Of GitHub Repositories Infected With Malicious Code
1 - 0 min read
Multiple Chromium DoS, Info Disclosure Vulns Fixed [Updated]
