Could We Reduce Data Breaches With Better Open Source Funding?
samedi 30 décembre 2017, 21:59 , par Slashdot
The CEO of Wireline -- a cloud application marketplace and serverless architecture platform -- is pushing for an open source development fund to help sustain projects, funded by an initial coin offering. 'Developers like me know that there are a lot of weak spots in the modern internet,' he writes on MarketWatch, suggesting more Equifax-sized data breaches may wait in our future.
In fact, many companies are not fully aware of all of the software components they are using from the open-source community. And vulnerabilities can be left open for years, giving hackers opportunities to do their worst. Take, for instance, the Heartbleed bug of 2014... Among the known hacks: 4.5 million health-care records were compromised, 900 Canadians' social insurance numbers were stolen. It was deemed 'catastrophic.' And yet many servers today -- two years later! -- still carry the vulnerability, leaving whole caches of personal data exposed...
[T]hose of us who are on the back end, stitching away, often feel a sense of dread. For instance, did you know that much of the software that underpins the entire cloud ecosystem is written by developers who are essentially volunteers? And that the open-source software that underpins 70% of corporate America is vastly underfunded? The Heartbleed bug, for instance, was created by an error in some code submitted in 2011 to a core developer on the team that maintained OpenSSL at the time. The team was made up of only one full-time developer and three other part-timers. Many of us are less surprised that a bug had gotten through than that it doesn't happen more often.
The article argues that 'the most successful open-source initiatives have corporate sponsors or an umbrella foundation (such as the Apache and Linux foundations). Yet we still have a lot of very deeply underfunded open-source projects creating a lot of the underpinnings of the enterprise cloud.'
Read more of this story at Slashdot.
56 sources (32 en français)
mar. 25 sept. - 20:54 CEST