Upcoming Events

Executive conference

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

More Events »

Vendor Newsfeed

More Vendor Newsfeed »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

 
NetNews
N E W S / A N A L Y S I S  


FUDBusters

  February 20, 2003
  By Don MacVittie


TOC Issue TOC
Printer Print full article
Printer Download as PDF
E-Mail E-Mail this URL
Discuss Discuss this article
flame author Flame the author

When: Jan. 23, 2003

What: A recent 'big news' item in some publications revealed that there was a vulnerability in CVS, the source-code repository used by many open-source projects.

FUDFactor: This vulnerability may have led, or may yet lead, to Trojan horses (or worse) introduced directly into the source code of your favorite open-source product.

Discuss Join other NWC readers in discussing this article.
FUDBust: This is nothing more than sensationalism. The vulnerability was discovered, reported to organizations known to use CVS and reported to the CVS development group before the press was alerted. The problem was fixed by the time the articles were written. More important, the real risk of Trojans comes from team members of small OSS projects, not from outsiders cracking CVS servers. In a large project, with many people going over the code (the Apache Project for example), the risk of Trojans introduced into the source code is minimal. For a project with one or two developers and a small user base, the risk is present. To protect against the tiny chance that one of those developers is a rogue, have another developer look over the source code before you install it.


Best of the Web

Data deduplication: Declawing the clones

Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.

Quick Read

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.

Quick Read

WAN Optimization Whitelists and Blacklists

Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.

Quick Read

WAN Optimization as a Managed Service: It's Not About the Cost

This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.

Quick Read

  Sponsored Links

Premium Content

Next Generation Data Center, Delivered, November 17th
NWC


Salary

Video

View All Videos

Most Popular

Stories Blogs

More Stories »

Whitepapers

More »

BlogRoll