Google's AI-based bug hunter, Big Sleep, identified 20 security flaws in open source software like FFmpeg and ImageMagick, marking a significant step in automated vulnerability discovery, although details and severity of the bugs are yet to be disclosed.
A near-miss cyberattack involving the open source software program XZ Utils has raised concerns about the safety of open source software and drawn attention from tech executives and government officials. The program had been sabotaged by a developer, introducing a nearly invisible backdoor that could have compromised millions of servers across the internet. The incident has highlighted the vulnerability of open source projects, with experts calling for increased support and resources for the volunteers who maintain them, as well as a need for tech companies to contribute back to the open source ecosystem. The episode has prompted discussions about how to better protect open source code and the need for changes to prevent similar incidents in the future.
A near-miss cyberattack involving the deliberate sabotage of the open source software program XZ Utils has raised concerns about the safety of open source software and drawn attention from tech executives and government officials. The sabotage, discovered by a Microsoft developer, could have created a secret door to millions of servers across the internet. The incident has refocused attention on the vulnerability of open source software, which often relies on a small circle of unpaid volunteers. Government officials are considering how to better protect open source code, with the Cybersecurity and Infrastructure Security Agency urging tech companies to contribute resources to the communities that build and maintain open source software.
A developer uncovered sabotage in the open source software program XZ Utils, which could have created a secret door to millions of servers across the internet, sparking significant cybersecurity concerns in the U.S. The incident has raised alarms about protecting open source software and highlighted the need for increased vigilance and support for the volunteers who maintain these programs. The discovery has prompted discussions among government officials and cybersecurity experts about the implications and necessary steps to safeguard open source code and build a sustainable open source ecosystem.
A Microsoft engineer discovered that the open source software program XZ Utils had been sabotaged by a developer, potentially creating a backdoor to millions of servers. The developer, believed to be a pseudonym for an expert hacker or group, introduced a nearly invisible backdoor into XZ. The near-miss has raised concerns about the safety of open source software and the need to protect it from well-resourced spies. Government officials and cybersecurity agencies are discussing how to better protect open source code, with calls for tech companies to contribute resources to the open source ecosystem.
A Microsoft engineer, Andres Freund, inadvertently discovered a backdoor hidden in XZ Utils, an open-source compression library shipped with most Linux distributions, potentially preventing a major cyberattack. His discovery has been hailed by tech leaders and cybersecurity experts, with Satya Nadella, the chief executive of Microsoft, praising his "curiosity and craftsmanship." The engineer's finding has highlighted the crucial role played by volunteer programmers in maintaining the internet's infrastructure and has turned him into an unexpected internet hero.
Malicious code was discovered in the widely used XZ Utils library for Linux systems (releases 5.6.0 and 5.6.1). On distributions where OpenSSH's sshd links liblzma, the backdoor hooked into the server's key handling so that an attacker holding a specific private key could execute commands before authentication, giving remote code execution and an authentication bypass. The backdoor was introduced by a contributor using the name Jia Tan, who built up credibility over roughly two years, became a co-maintainer, and eventually placed the malicious code in the XZ Utils release tarballs rather than in the visible source repository. The sophisticated supply chain attack highlights the potential risks associated with open-source software and the need for organizations to adopt tools and processes to identify tampering and malicious features in their development pipeline.
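One concrete tamper check that follows from the XZ Utils case: the backdoor's build-stage hook lived in files of the distributed tarball (notably a modified m4/build-to-host.m4) that did not match the git-tagged source, so diffing the release archive against the tag catches exactly that class of change. The script below is an added example written for this page, not code from any of the summarized articles or from the XZ project. It builds a constructed "git tag" tree and a constructed tarball with one altered macro and one extra file, extracts the tarball with traversal checks, and reports the differences; all paths and file contents are made up for the demo.

```python
"""Diff a release tarball against the VCS-tagged source tree (added example).

Constructed demo data only; the file names mirror the kind of autotools
files involved in the XZ Utils backdoor but the contents are invented.
"""
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path


def file_digests(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_trees(vcs_tree: Path, tarball_tree: Path) -> dict:
    """Report files only in the tarball, only in VCS, or with differing content."""
    vcs = file_digests(vcs_tree)
    tar = file_digests(tarball_tree)
    return {
        "only_in_tarball": sorted(set(tar) - set(vcs)),
        "only_in_vcs": sorted(set(vcs) - set(tar)),
        "modified": sorted(p for p in set(vcs) & set(tar) if vcs[p] != tar[p]),
    }


def safe_extract(tarball: Path, dest: Path) -> Path:
    """Extract a .tar.gz under dest, rejecting links, absolute paths and '..'.

    Returns the single top-level directory the archive unpacks to.
    """
    dest = dest.resolve()
    dest.mkdir(parents=True, exist_ok=True)
    with tarfile.open(tarball, "r:gz") as tf:
        for member in tf.getmembers():
            if not (member.isfile() or member.isdir()):
                raise ValueError(f"refusing non-regular member: {member.name}")
            target = (dest / member.name).resolve()
            if target != dest and dest not in target.parents:
                raise ValueError(f"path escapes destination: {member.name}")
            tf.extract(member, dest)
    tops = list(dest.iterdir())
    if len(tops) != 1 or not tops[0].is_dir():
        raise ValueError("expected exactly one top-level directory in archive")
    return tops[0]


def demo() -> dict:
    """Build constructed trees, pack one as a tarball, and diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Stand-in for `git archive <tag>`: the reviewed source tree.
        vcs = tmp / "xz-1.0"
        (vcs / "m4").mkdir(parents=True)
        (vcs / "src").mkdir()
        (vcs / "configure.ac").write_text("AC_INIT([xz], [1.0])\n")
        (vcs / "m4" / "build-to-host.m4").write_text("dnl upstream macro\n")
        (vcs / "src" / "lzma.c").write_text("int lzma_version(void) { return 1; }\n")

        # Constructed release tarball: same tree, but one macro was altered and
        # an extra, unreviewed file appears only in the distributed archive.
        staged = tmp / "staged" / "xz-1.0"
        shutil.copytree(vcs, staged)
        (staged / "m4" / "build-to-host.m4").write_text(
            "dnl upstream macro\ndnl extra eval hook added at release time\n"
        )
        (staged / "m4" / "extra.m4").write_text("dnl only in the tarball\n")
        tarball = tmp / "xz-1.0.tar.gz"
        with tarfile.open(tarball, "w:gz") as tf:
            tf.add(staged, arcname="xz-1.0")

        unpacked = safe_extract(tarball, tmp / "unpacked")
        return compare_trees(vcs, unpacked)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In a real pipeline the `vcs` tree comes from `git archive` of the signed tag and the tarball from the project's download site; any entry in `only_in_tarball` or `modified` that is not an expected autotools-generated file (configure, Makefile.in, and so on) should block the build until a human has read it.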
Scientists have developed a new camera system and open-source software to create stunning video clips that show the world as different animals see it, including the specific colors they perceive. The footage, published in the journal PLOS Biology, includes scenes from a garden environment, with colors accentuated or dulled based on the animal's vision being emulated. This method, which is 92% accurate, captures animal-perceived colors in motion and can provide valuable insights into how different species interact with their environment and respond to stimuli.
French start-up Mistral AI, founded by researchers from Meta and Google, has raised €385 million ($415 million) in funding, valuing the company at $2 billion. Mistral builds technology for deploying chatbots and other AI-driven products and believes in sharing its technology as open-source software. This approach has drawn criticism from rivals like OpenAI and Google, who argue that it can be dangerous. Mistral's success is seen as an opportunity for France to challenge US tech giants, and other start-ups embracing the open-source approach are also attracting investment.
The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act (CRA), which imposes mandatory cybersecurity requirements for hardware and software products with digital elements. The CRA includes a 24-hour window for reporting actively exploited vulnerabilities, a support period of at least five years for security patches, and thorough documentation of security features. Manufacturers, importers, and distributors have 36 months to comply or face fines. Concerns have been raised about the impact on open source software, but the latest version of the CRA exempts free and open source software developed outside of commercial activity.
Open-source software tools are gaining popularity due to their cost advantages, lack of vendor lock-in, and support from active communities. This article highlights 10 innovative open-source software tools that have caught attention in 2023, including those for IT automation, infrastructure as code, computer graphics, animated content creation, and personal productivity applications.