“Yet vulnerabilities occur in all software, even those maintained by private companies holding extensive resources. What matters most is how these vulnerabilities are found, fixed and then disseminated to the community that uses the project,” Brock said. “We can’t rely on the goodwill and efforts of the community alone to deliver and maintain code when it is used at the scale that open source is deployed. Support is needed from the wider enterprise software industry and governments.”
Though I’m not a software developer or engineer, I do dread those times when I see a product of interest and note, “some assembly required.” But no item, physical or digital, is without the potential for imperfection. A sofa cushion will likely need cleaning as much as a dining room chair might need a screw tightened. It’s unrealistic for users of open-source tools to expect that software is both free of vulnerabilities and impervious to future risk. That’s why it’s important to highlight the ongoing efforts of the enterprise software industry as they work together to ensure that We’re Not Doomed!
Now let’s take a look at what else made industry headlines this week.
Feb. 10: While ChatGPT has grown in popularity, users in China are prohibited from creating OpenAI accounts, yet the chatbot model is “increasingly being incorporated into Chinese consumer technology applications from social networks to online shopping,” according to Reuters.
Feb. 10: As Valentine’s Day approaches, end users should be on alert for romance scammers trying to steal more than their hearts.
Feb. 10: Residents in Northern Virginia, which is dubbed “the heart of the internet,” are feeling the environmental impact of increased demand for cloud computing technologies and data centers.
Feb. 9: The BBC reported, “Seven Russian men have been sanctioned by the UK and US for having links to recent ransomware attacks.”
Feb. 9: A State Department official reportedly said that the Chinese balloon struck down last week was being used as part of a widespread espionage campaign to conduct surveillance operations.
Feb. 9: In collaboration with several government agencies, CISA issued a #StopRansomware alert to help network defenders mitigate the risks of ransomware after the agencies determined that cryptocurrency funds garnered from North Korean state-sponsored ransomware attacks are being used to fuel continued attacks on the healthcare and critical infrastructure sectors.
Feb. 8: The World Economic Forum asserts the industry must “shift the narrative to build a cyber-ready workforce.”
Feb. 7: Dark Reading reported, “A tax variable in the software implementing the Dingo Token allows the creators to charge 99% in fees per transaction, essentially stealing funds, an analysis finds.”
Feb. 6: “Cybercriminals are actively exploiting a two-year-old VMware vulnerability as part of a ransomware campaign targeting thousands of organizations worldwide,” TechCrunch reported.
Feb. 6: The Hacker News reported, “An ongoing malvertising campaign is being used to distribute virtualized .NET loaders that are designed to deploy the FormBook information-stealing malware.”
Feb. 5: Mira Murati, Chief Technology Officer at OpenAI, discussed ChatGPT and the ethical questions surrounding the technology with Time.