Displaying items by tag: Open Source

Supply chain attacks are all the rage right now (although certainly not new). These attacks are part of what appears to be a multi-pronged shift in the threat landscape. While attacks on the endpoint and users are still happening, we are also seeing expanded efforts in targeting edge devices, networking equipment, and an increased focus on open-source repositories. Recently a new campaign was discovered that is leveraging open-sourced software supply chain attacks in an effort to target the banking sector.

A new flaw has been identified in the Node.js package manager, NPM. The flaw is being described as a logical flaw, but in reading over the data it seems more like a permissions flaw. The good news is that as of April 26, the flaw has been addressed by NPM, the bad is that it was in play until then. According to the researchers that discovered it, the flaw related to the way you can attach other accounts to an uploaded package.

The Open Source community has been one that many leverage to help build their applications. It has become a great place to find applications packages that make building out a larger application or eco systems less time consuming. We see this in just about every development space from large to small. Having helpful sources of working code can speed up the development lifecycle and allow for greater interoperability as many applications use the same dependencies and core functions. The open source community is a great resource and typically is one that you can trust to pull code from.

Since the beginning of the Russian invasion of Ukraine we have seen a massive increase in what can only be called cyber warfare. This battle is not just being fought at the state level though. Even APT groups have gotten involved as they take sides in the conflict. One step down from that (and only a very small step) we see the hacktivists jumping into the fray on both sides. Now, we see a new and unexpected form of protest from the open source community.

Since Microsoft Office price per seat per year for businesses is around $75 two public administrations in the German cities of Freiburg and Munchen decided to switch to OpenOffice. One of them went well while other one did not do so well. The Unsuccessful transition occurred in Freiburg. Their calculations went like this - $75 per year per computer for public administration, which for as many as 2,000 users per year is $ 150,000. However, after five years, although they saved on the prices for licenses, they have spent $600,000, with a disgruntled employee who complained about the incompatibility of file formats. To make things worse, they returned to Microsoft Office, which was at the first year cost of at least half a million dollars.

HP appears to be taking a leaf out of AMD’s book; when times get tough, move to the open source community. Now I know that last statement is going to bug people, but just to be clear that is not meant as an insult. It is actually a smart thing to do when you cannot afford to fund research and development on your own; you put it in the hands of the people that are eager to build on the platform.  AMD has done this more than once in its recent past and it has paid off for them and in the end the market.