A critical vulnerability has been found in the Concurrent Versions System (CVS), which is used by the vast majority of open-source projects to update and maintain source code, according to an advisory from the Computer Emergency Response Team (CERT) Coordination Center. CVS allows open-source developers to remotely update and modify the source code to projects while ensuring that collaborative efforts don’t overlap. By using CVS, changes to source code made by one developer aren’t overwritten by another. It also tracks version control and provides the open-source community with a means by which to manage open projects with multiple contributors. The security hole allows attackers to take control of a CVS server and alarmingly, it may also allow anonymous attackers to fiddle with open-source code at the development level. Full Story
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.