Network Computing is part of the Informa Tech Division of Informa PLC
When: Jan. 23, 2003
What: A recent 'big news' item in some publications revealed that there was a vulnerability in CVS, the source-code repository used by many open-source projects.
FUDFactor: This vulnerability may have led, or may yet lead, to Trojan horses (or worse) introduced directly into the source code of your favorite open-source product.
FUDBust: This is nothing more than sensationalism. The vulnerability was discovered, reported to organizations known to use CVS and reported to the CVS development group before the press was alerted. The problem was fixed by the time the articles were written. More important, the real risk of Trojans comes from team members of small OSS projects, not from outsiders cracking CVS servers. In a large project, with many people going over the code (the Apache Project for example), the risk of Trojans introduced into the source code is minimal. For a project with one or two developers and a small user base, the risk is present. To protect against the tiny chance that one of those developers is a rogue, have another developer look over the source code before you install it.
Recommended For You
Developing and managing a network budget is hard work for network professionals, who often get hit with new projects that they know nothing about. Is there a better way to manage network spending?
Making the jump from outdated legacy technology to a more modern digital infrastructure will allow businesses to innovate at the speed and scale needed in today’s marketplace.
The business world is speeding up. The longer IT leaders wait to get their needs met, the more at risk their businesses and their jobs will be.