R&D Executive – Why Shellshock and Heartbleed Should Matter to You

October 15, 2014 Rami Sass

So, you’ve heard of Shellshock, of course. And if you use Unix, you made sure someone installed the right patch for Bash – and you think – OK, I’ve dealt with it, let’s get back to more important things.

Well, there’s more to Shellshock than meets the eye. Here’s why:

1. There are many more security vulnerabilities out there

Shellshock, and Heartbleed before it, are two examples of security vulnerabilities in widely used open source components.

Open source components, like any software, have bugs and security vulnerabilities. The great thing is that open source components usually have an entire community of developers and users who report on vulnerabilities and fix them.

All you need to do is follow announcements (CVEs) and online repositories for updates.

2. Bash (or parts of other open source components) may still be part of your software

Open source components that were designed for one purpose can be quite useful in other scenarios. So it is quite probable that one of your developers decided to use an open source component – or part of it – in his software. Whatever this component does, or contains, is now part of your software.

Open source is great. You get the functionality you need, for free, and it saves development time and effort. It is also great because it is used by many and is continuously tested and improved – and the results are shared with the community.

All we have to do, as R&D execs, is make sure that we know what’s in our software and what updates were published about the components we use.
