Cybersecurity Snapshot: Study Raises Open Source Security Red Flags, as Cyber Agencies Offer Prevention Tips Against Telecom Spying Attacks

Don’t miss the Linux Foundation’s deep dive into open source software security. Plus, cyber agencies warn about a China-backed cyber espionage campaign targeting telecom data. Meanwhile, a study shows the weight of security considerations in generative AI projects. And get the latest on ransomware trends, financial cybercrime and critical infrastructure security.

Dive into six things that are top of mind for the week ending Dec. 6.

1 – Study: Security of open source software projects must improve

Improperly secured developer accounts. Lack of a standard naming schema for software components. The persistence of legacy software.

Those three issues put the reliability and security of free and open source software (FOSS) at risk, a new Linux Foundation study has found. 

Published this week, “Census III of Free and Open Source Software — Application Libraries” is based on about 12 million observations of FOSS at 10,000-plus companies. Its aim: to provide a better understanding of FOSS use and security challenges, given FOSS’ widespread adoption globally.

“Our goal is to not only provide an updated list of the most widely used FOSS, but to also provide an example of how the distributed nature of FOSS requires a multi-party effort to fully understand the value and security of the FOSS ecosystem,” the study reads.

Data sharing, coordination and investment are keys to preserving the value of FOSS, which has become critical for the digital economy, the authors wrote.


Here are more details about the three key security issues identified in the study:

  • To conduct their FOSS work, developers often use individual accounts, which typically lack the security protections of organizational accounts. Hosting FOSS projects under individual developer accounts creates multiple risks, such as making it easier for hackers to breach individual computing environments and tamper with FOSS code.
  • A lot of legacy FOSS software still exists that isn’t being maintained nor updated, which makes the software more vulnera


    This article has been indexed from Security Boulevard
