Skip to main content
Topic: Increased security vulnerbilites being reported (Read 464 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Increased security vulnerbilites being reported

Derek Weeks, VP at Sonatype, said it was "discouraging" to see the percentage of vulnerable component downloads increasing whilst expressing sympathy for developers.

"Today, it is difficult for developers to know if they are downloading open source components with known vulnerabilities like Struts," Weeks told El Reg. "Free downloads of components take milliseconds and no information is actively passed to the developer during that effort about known vulnerabilities. It is the equivalent of shopping in a huge supermarket full of tasty products that have no food labels or expiration dates. Without data about component quality and security surfaced quickly to developers, they are effectively shopping blindfolded.

Re: Increased security vulnerbilites being reported

Reply #1
Kind of pointless.
Don't get me even started about misconception people have with the original purpose of the internet and computers.
Its all freaking military applications, and what we use publicly is a waste and byproduct, what do people expect?

Re: Increased security vulnerbilites being reported

Reply #2
Several of the problems listed by Sonatype involved messing around with NPM, a utility used by JavaScript projects to install dependencies.

What a surprise [/sarcasm]

Re: Increased security vulnerbilites being reported

Reply #3
The one project I have found that would deviate from the original design is gnunet and it received minimal attention.  The defense department's net is better and easier, why bother with something of our own.
"They" still own the physical medium end to end but we still have low speed radio waves. 

Ham + GnuNet