[Linux-aus] What's the real story about Shellshock and Bash and vulnerabilities in Linux and OpenSource?

Steve Dalton steve at refactor.com.au
Fri Sep 26 07:57:13 EST 2014


Well I'm happy to propose some sort of BOF on this at OSDC in November. We
definitely need some more (security) eyes on these "less sexy" open source
projects. We all use them every day without a second thought on who is
maintaining them.

Are there any specific neglected core projects people know about that need
some love .... maybe organising some sort of hackathon/testathon around one
of these could be a positive thing we could do???

Steve

PS. If you haven't booked your ticket yet, please come see us on the
lovely Gold Coast this year. OSDC is now shaping up quite nicely (albeit a
bit last minute!)

http://2014.osdc.com.au/registration

On Fri, Sep 26, 2014 at 7:11 AM, Ian <ilox11 at gmail.com> wrote:
> The journos are having a field day over the discovery of the vulnerabilities
> in Bash, the vulnerability now called Shellshock. They talk of 500 million
> affected sites. Any Apache server is easily taken over. Some are reporting that
> the patches are not fully safe yet.
> http://www.bbc.com/news/technology-29361794
> "The new bug has turned the spotlight, once again, onto the reliance the
> technology industry has on products built and maintained by small teams
> often made up of volunteers."
> And even more fingers are being pointed at the Open Source community:
> "That such key parts of everyday technology are maintained in this way is a
> cause for concern," said Tony Dyhouse from the UK's Trustworthy Security
> Initiative.
>
> "To achieve a more stable and secure technology environment in which
> businesses and individuals can feel truly safe, we have to peel back the
> layers, start at the bottom and work up," he said. "This is utterly
> symptomatic of the historic neglect we have seen for the development of a
> dependable and trustworthy baseline upon which to develop a software
> infrastructure for the UK."
>
> "Ultimately, this is a lifecycle problem. It's here because people are
> making mistakes whilst writing code and making further mistakes when
> patching the original problems."
>
> What is the real story? How vulnerable are our servers? Will the patches
> resolve the problem?
>
> Should there be a focus within the Linux world to track down all the little
> bits that make up the foundation of the software and making sure they are
> being maintained and secure and above all trusted? Perhaps LA or the next
> LCA could/should pick this up as a theme and be a leader in the open source
> world?
>
> --
> -- Ian
>

--
Refactor. Engage | Succeed | Repeat
tel: +61 (0)7 5668 3424
mob: +61 (0)414 464564
web: refactor.com.au