<div dir="ltr"><div>The journos are having a field day over the discovery of the vulnerabilities in Bash, the vulnerability now called Shellshock. They talk of 500million affected sites. Any Apache server is easily taken over. Some reporting that the patches not fully safe yet. <br><a href="http://www.bbc.com/news/technology-29361794">http://www.bbc.com/news/technology-29361794</a><br>"The new bug has turned the spotlight, once again, onto the reliance the
technology industry has on products built and maintained by small teams
often made up of volunteers."<br>And even more fingers being pointed at the Open Source community,<br> "That such key parts of everyday technology are maintained in this way
is a cause for concern," said Tony Dyhouse from the UK's Trustworthy
Security Initiative.
<p>"To achieve a more stable and secure technology environment
in which businesses and individuals can feel truly safe, we have to peel
back the layers, start at the bottom and work up," he said."This is utterly symptomatic of the historic neglect we have
seen for the development of a dependable and trustworthy baseline upon
which to develop a software infrastructure for the UK.<br>"Ultimately, this is a lifecycle problem. It's here because
people are making mistakes whilst writing code and making further
mistakes when patching the original problems."</p>"<br>What is the real story? How vulnerable are our servers? Will the patches resolve the problem?<br><br></div>Should there be a focus within the Linux world to track down all the little bits that make up the foundation of the software and making sure they are being maintained and secure and above all trusted? Perhaps LA or the next LCA could/should pick this up as a theme and be a leader in the open source world?<br clear="all"><div><div><br>-- <br>-- Ian<br><br>
</div></div></div>