Tag Archives: Open Source

Linux Foundation Launches 'Zephyr', a tiny OS for Internet of Things

The 21st century is witnessing a great change over in the daily life of folks with the advent of IoT devices that are capable of talking to each other without any human intervention.

Yeah! Now you do not have to individually cascade an instruction to each of your home devices to accomplish a task. All have gone automated with the actuators and sensors which are infused into the home

Google 'Android N' Will Not Use Oracle's Java APIs

Google appears to be no longer using Java application programming interfaces (APIs) from Oracle in future versions of its Android mobile operating system, and switching to an open source alternative instead.

Google will be making use of OpenJDK – an open source version of Oracle’s Java Development Kit (JDK) – for future Android builds.

This was first highlighted by a “mysterious Android

Netflix Releases FIDO Incident Response Tool

Engineers at Netflix have released another one of the company’s bespoke security tools as an open-source application, this time an incident-response system known as FIDO. The tool is designed to help automate the process of incident response, and specifically it acts as a new layer that helps tie together existing applications by evaluating and assessing […]

Heartbleed: One Year On

When news of the Heartbleed vulnerability broke this time last year, it was a watershed moment for the Internet and especially for security.

OpenSSL, the fundamental layer of encryption used by major websites around the world, was found to be flawed. Through a specific type of attack, a victim’s personal data including passwords, financial credentials could be stolen.

While the discovery of a vulnerability in OpenSSL didn’t come as much of a surprise to those who work in the security industry – after all, completely secure code is a rarity. Instead, the shock was the extent of the vulnerability, with around 60% of the entire web at risk.

Now, a year on, I’d love to be able to say that we’ve learned many lessons from Heartbleed and that the web is now a more secure place. Sadly, it’s not as simple as that.

Public awareness remains a major issue for Internet security. Recent research from password security developer Dashlane indicates that a year on, 86% of American’s have not heard of Heartbleed.

Dashlane spoke to AVG’s Chief Strategy Officer, Todd Simpson, about their results.

Video

The State of Online Security One-Year After Heartbleed

 

However, awareness is just one issue. Months after Heartbleed broke, I wrote of several further vulnerabilities in OpenSSL that had also emerged. Although each vulnerability discovered is theoretically a vulnerability fixed, it highlights the fact that this is still much work to be done. This is particularly true of open source software.

Open source software has several major benefits and will be around for a long time yet, but vulnerabilities such as Heartbleed demonstrate that there is risk and responsibility for all of us to protect the systems we have come to rely on.

Why has there been so little progress in securing OpenSSL and similar open source systems since Heartbleed appeared?

In my opinion, the issue lies within the very nature of open source software. OpenSSL is incredibly useful and has been adopted throughout the world, but how many people pay for OpenSSL, or donate time and money to keep it functional and secure? Not so many.

The OpenSSL Project does a great job finding and fixing vulnerabilities when they appear but in order to truly move the dial for Internet security, we need more investment.

Right now, the hands of the world’s online safety is in the hands of only a few coders working in small teams. That simply won’t do.

In April last year I wrote a blog highlighting a number of ways that we can all work together to improve the security of open source software.

Ultimately, it comes down to the fact that vulnerabilities will always exist; it’s up to all of us to take responsibility for our security.