Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: Fhios

No, there is not. A major Struts project involves many programmers, and at the time they downloaded the flawed version, nobody knew about the flaw. If the flaw had been known, the version would not have been on the Apache site for download.

Struts is an open-source framework coded by volunteers worldwide. A vulnerability like this is a serious blow against open-source software, and a great embarrassment to the Apache project.


16 posted on 09/16/2017 8:31:10 PM PDT by proxy_user


To: proxy_user

And why Open Source shouldn’t be used where security is required.


19 posted on 09/16/2017 8:46:28 PM PDT by Reno89519 (PRESIDENT TRUMP, KEEP YOUR PROMISES! NO AMNESTY AND BUILD THAT WALL.)

To: proxy_user

Major fail of the open source community. Typically they are very good at self-policing.


48 posted on 09/17/2017 4:43:52 AM PDT by mad_as_he$$ (Not my circus. Not my monkeys.)

To: proxy_user

It’s not been good for the last few years, far too many major security flaws in OSS. The whole argument of “security through transparency” is basically trash at this point (imho). It seems good security practices coupled with “security through obscurity” wins - Apple being a good example, even Microsoft has been far better lately.


58 posted on 09/17/2017 6:46:52 AM PDT by fuzzylogic (welfare state = sharing consequences of poor moral choices among everybody)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson