The massive 2017 Equifax breach was carried out in part by exploiting a critical (though already patched) web server vulnerability in Apache Struts, a common and popular open source framework for building Java applications. (Equifax)
Cybersecurity startup WhiteSource announced it has raised $75 million in Series D funding, highlighting how tech and security investors are increasingly focusing on the open source software security market.
The latest investment of $75 million, drawn mostly from Pitango Growth and existing investors M12, Susquehanna Growth Equity, and 83North, is significantly more than the approximately $46 million the company raised combined through previous funding rounds. As part of the deal, Pitango Growth managing partner Isaac Hillel will join WhiteSource's board of directors.
Google Funds Two Full-Time Linux Security Developers
To help Linux maintainers stay ahead of the black hats, Google has funded two full-time Linux security developers.
Linux is becoming more secure.
Google and the Linux Foundation recently announced that Google will fund two full-time Linux security developers to focus entirely on securing the kernel.
There's always room for Linux security improvements – especially with a project that currently weighs in at close to 29 million lines of code, meaning there's plenty of room for mistakes. Since Linux is open source, the code is also freely available for everyone to see, including bad actors looking for vulnerabilities to exploit.
If, as we have seen recently, many organizations are warming to the idea of open source technology, the change in attitudes can most likely be attributed to the productivity advantages of using open source applications enterprise-wide, or even across small teams.
Competitive Advantage
The result is that the use of open source can only grow in the future, according to Cory Hulen, CTO and co-founder of Palo Alto, Calif.-based open core platform Mattermost. Companies like Kong and GitLab represent a wave of organizations with open source foundations carving out enterprise market share. IBM acquired Red Hat over two years. "It's a phenomenon that's here to stay. The open source community has grown tremendously and continues to affect the trajectory of virtually every industry," he said.
David Wheeler, director of open-source supply chain security, Linux Foundation
The SolarWinds supply chain compromise has raised questions about how organizations can detect software that has been tainted during the vendor’s development and build process.
“It doesn’t matter how good or how secure your source code is because what your customers are actually installing could be malicious, which is exactly what happened in the SolarWinds case,” says David A. Wheeler, director of open-source supply chain security at the Linux Foundation.
The idea of a verified reproducible build is gaining traction. In such a build, an independent party can rebuild the software from the published source and obtain a byte-for-byte identical artifact, so the shipped binary can be verified as containing only code that came from the original source code.