Why a near-miss cyberattack put US officials and the tech industry on edge

mullet


WASHINGTON, April 5 (Reuters) - German software developer Andres Freund was running some detailed performance tests last month when he noticed odd behavior in a little-known program. What he found when he investigated has sent shudders across the software world and drawn attention from tech executives and government officials.

Freund, who works for Microsoft out of San Francisco, discovered that the latest version of the open source software program XZ Utils had been deliberately sabotaged by one of its developers, a move that could have carved out a secret door to millions of servers across the internet.

The near-miss has refocused attention on the safety of open source software – free, often volunteer-maintained programs whose transparency and flexibility mean they serve as the foundation for the internet economy.

Many such projects depend on a tiny circle of unpaid volunteers fighting to get out from under a pile of demands for fixes and upgrades.

XZ, a suite of file compression tools packaged into distributions of the Linux operating system, was long maintained by a single author, Lasse Collin.

In recent years, he appeared to be under strain.
 
So someone should hire Lasse Collin (and others like him). There are large companies, you know who they are, who could easily afford his salary.

I wonder how many other mission-critical open source modules are in this situation.
The answer is too many, and they get funded all the time, just not until after some big company has a near miss or a big problem and suddenly there is financial incentive to do so.