More flaws foul security of open-source repository

Security researchers have found at least six more flaws in the open-software world’s most popular program for maintaining code under development. According to a representative of the project that oversees the program, known as the Concurrent Versions System, the vulnerabilities include a flaw that could let an attacker take control of a CVS server from the Internet, putting the code repository’s contents at risk. The flaws were discovered as part of an analysis of the program’s code following the announcement last month of a similar set of issues. The security flaws underscore the advice of CVS Project leaders, who say development teams should not be placing source-code repositories directly on the Internet. Rather, the repositories should be accessible only on private local networks or through VPNs (virtual private networks), said Derek Robert Price, one of three maintainers of the CVS Project and the project’s release manager.

OODA Analyst
