Vulnerabilities close quickly: Open source is not free

Imagine for a moment that you were dropped into the karma-driven world of Earl, and then found out that the person in charge of tightening the screws was a volunteer. Sounds scary? Scandalous? Well, welcome to the world of open source.

It turns out that most of the software we use is written collaboratively. Thousands of programmers from around the world build it together, review each other's work, find bugs and move on. Some of these programs become so popular that other programmers use them as building blocks for new applications, but like the foundations of a building, these cornerstones tend to be forgotten: they are no longer cool, just huge pillars that someone has to keep tightening the screws on.

And last week one of those screws came loose. Marak Squires, a talented programmer and the volunteer maintainer of two popular JavaScript libraries (colors and faker), decided to sabotage them and disrupt the operation of millions of applications around the world. Squires pushed a series of changes, some of them rather puzzling, and published them as a routine update. Applications that depend on these libraries are commonly configured to pull in new versions automatically, so when Squires published the update they swallowed it whole, and the result was applications that slowed to a crawl and in some cases crashed outright. This is not the first time such a thing has happened. In fact, it happens quite often.

We need to understand this: open source is not free. The person who tightens the screws has to be paid. As early as 2014, after the Heartbleed bug in OpenSSL, the Linux Foundation set out to fund the repair and hardening of old and orphaned code libraries. But software security, as the security guru Bruce Schneier once put it, is a process, not a product, and anyone who uses open source must take part in that process.

Giant companies and small companies alike need to give back, contributing code and fixes to the libraries they rely on. Open source dependencies should be used with pinned versions, and automatic updates should be disabled in critical systems so that a new release cannot land in production without someone looking at it. Tooling should also be in place that continuously scans the code in use and raises an alert when something suspicious changes.
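As an added illustration (not code from the article or from Linnovate), here is a small Node.js script that does two of the things this paragraph asks for: it flags dependency specifiers in a package.json that let the package manager pick a newer version on its own, and it compares two package-lock.json snapshots to alert on packages whose resolved version or integrity hash changed. The package names, versions and integrity hashes below are constructed for the example, not taken from any real lockfile.

```javascript
// Added example, not code from the article: flag npm dependency specifiers
// that allow silent upgrades, and diff two package-lock.json snapshots to
// alert on packages whose resolved version or integrity changed.
// All package names, versions and integrity values below are constructed.

// Constructed package.json. The specifier shapes are what matter here.
const PACKAGE_JSON = {
  name: "example-app",
  dependencies: {
    colors: "^1.4.0",     // caret: any 1.x.y may be installed
    faker: "~5.5.0",      // tilde: any 5.5.x may be installed
    express: "4.17.1",    // exact pin
    "left-pad": "*",      // anything at all
    lodash: "latest",     // dist-tag, resolves to whatever is newest
  },
  devDependencies: {
    jest: ">=27.0.0",     // open-ended range
  },
};

// Only a bare x.y.z (optionally with -prerelease / +build) counts as pinned.
// Ranges, dist-tags, URLs and file: paths all let the package manager choose.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

// Return every dependency whose specifier is not an exact version.
function findFloatingDeps(pkg) {
  const floating = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (!EXACT_SEMVER.test(String(spec))) floating.push({ field, name, spec });
    }
  }
  return floating;
}

// Constructed lockfile snapshots in the lockfileVersion 2/3 "packages" layout:
// "before" is what was committed, "after" is what a build regenerated after
// being allowed to float. Integrity strings are shaped like real sha512- values
// but are placeholders.
const LOCK_BEFORE = {
  packages: {
    "": { name: "example-app" },
    "node_modules/colors": { version: "1.4.0", integrity: "sha512-AAAA" },
    "node_modules/faker": { version: "5.5.3", integrity: "sha512-BBBB" },
    "node_modules/express": { version: "4.17.1", integrity: "sha512-CCCC" },
  },
};
const LOCK_AFTER = {
  packages: {
    "": { name: "example-app" },
    "node_modules/colors": { version: "1.4.1", integrity: "sha512-DDDD" },   // new release pulled in
    "node_modules/faker": { version: "5.5.3", integrity: "sha512-EEEE" },    // same version, different bytes
    "node_modules/express": { version: "4.17.1", integrity: "sha512-CCCC" }, // unchanged
    "node_modules/evil-dep": { version: "0.0.1", integrity: "sha512-FFFF" }, // appeared out of nowhere
  },
};

// Compare resolved packages between two lockfiles. Returns one finding per
// package that was added, removed, changed version, or kept its version but
// changed content (different integrity hash), sorted by package path.
function diffLockfiles(before, after) {
  const findings = [];
  const bp = before.packages || {};
  const ap = after.packages || {};
  const paths = new Set([...Object.keys(bp), ...Object.keys(ap)]);
  for (const path of [...paths].sort()) {
    if (path === "") continue; // the root project entry, not a dependency
    const name = path.replace(/^node_modules\//, "");
    const b = bp[path];
    const a = ap[path];
    if (!b) findings.push({ name, kind: "added", before: null, after: a.version });
    else if (!a) findings.push({ name, kind: "removed", before: b.version, after: null });
    else if (b.version !== a.version) findings.push({ name, kind: "version-changed", before: b.version, after: a.version });
    else if (b.integrity !== a.integrity) findings.push({ name, kind: "integrity-changed", before: b.integrity, after: a.integrity });
  }
  return findings;
}

// Stand-alone usage: print both reports. In a real repository, replace the
// constants with JSON.parse(fs.readFileSync("package.json", "utf8")) and the
// two lockfile snapshots being compared.
function report() {
  for (const d of findFloatingDeps(PACKAGE_JSON)) {
    console.log(`floating: ${d.field}.${d.name} = "${d.spec}"`);
  }
  for (const f of diffLockfiles(LOCK_BEFORE, LOCK_AFTER)) {
    console.log(`ALERT ${f.kind}: ${f.name} ${f.before} -> ${f.after}`);
  }
}
report();
```

Run it with node. Pinning in package.json is only half the story: `npm config set save-exact true` makes future installs record exact versions, and installing with `npm ci` rather than `npm install` refuses to deviate from what the lockfile records, which is what actually stops a fresh build from pulling in a release like the one described above. A same-version, different-integrity finding is the one to treat most seriously: npm does not let the contents of an already published version be replaced, so it normally means the build resolved the package from a different source than the one the lockfile was generated against.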

And above all, one should remember that these flaws were discovered precisely because the code is open source. When enough eyes look at the code every day, examine it and dig into its innards, bugs are exposed faster and the holes are closed quickly.

The author is the CEO of Linnovate and an expert in the construction and maintenance of cloud environments and open source platforms.

By Editor
