Apple will be among several U.S. tech giants to attend a meeting at the White House today to discuss cybersecurity and possible security threats posed by open-source software, Reutersreports.
The meeting will be held by U.S. National Security Advisor Jake Sullivan and will focus on "concerns around the security of open-source software and how it can be improved." The meeting was prompted by concerns around a security vulnerability found in open-source software Log4j.
The vulnerability, which posed a threat to organizations that use Log4j around the world, allowed hackers to control a system and remotely execute malicious code.
According to Sullivan, open-source software such as Log4j presents a "key national security concern" as it is often used and maintained by volunteers. Google, IBM, Meta, Microsoft, and Oracle are also expected to attend the meeting.
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Friday August 16, 2024 4:14 am PDT by Tim Hardwick
Leaker Sonny Dickson is back today with a new dummy unit image showing all four iPhone 16 Pro color variants, including the rose gold or "bronze" unit that replaces Blue Titanium in the existing iPhone 15 Pro models. The iPhone 16 Pro models are expected to come in black, white or silver, gray or "Natural Titanium," and a rose or rose gold color replacing Blue Titanium, according to Apple...
Tuesday August 13, 2024 4:01 pm PDT by Juli Clover
Multiple rumors have suggested that the iPhone 16 models are going to have an all-new button that's designed to make it easier to capture photos when the devices are held in landscape mode. Apple calls the button the Capture Button internally, and it is going to be one of the most advanced buttons that's been introduced to date with support for multiple gestures and the ability to respond to ...
Saturday August 10, 2024 5:00 am PDT by Tim Hardwick
Apple typically releases its new iPhone series in the fall, and a possible September 10 announcement date has been floated this year, which means we are just one month away from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design...
Wednesday August 14, 2024 6:20 am PDT by Tim Hardwick
Apple's iPhone 16 series is expected to debut in September 2024. This release follows Apple's trend of introducing new iPhone models annually in the fall. While the exact date has yet to be officially confirmed, the day of Tuesday, September 10 has been rumored as a possible announcement date, and September has traditionally been the month when Apple unveils its latest smartphone innovations. ...
Wednesday August 14, 2024 11:30 am PDT by Eric Slivka
Apple is moving forward with its project to develop a tabletop robotic device, according to Bloomberg's Mark Gurman. Subscribe to the MacRumors YouTube channel for more videos. The device would feature a large iPad-like display mounted on a "thin robotic arm" that would allow the display to tilt and up and down and rotate a full 360º, and it would serve as a "smart home command center," a...
Thursday August 15, 2024 4:34 pm PDT by Juli Clover
It's almost September, but Apple still has multiple new product launches planned for 2024. New iPhone 16 models and Apple Watches are coming in September, and we're also going to get at least three Mac updates with M4 chips this year, according to rumors. Here's what's on the horizon. MacBook Pro Apple plans to refresh both the 14-inch and 16-inch MacBook Pro models, adding M4 chips. The ...
Thursday August 15, 2024 1:32 pm PDT by Juli Clover
T-Mobile was fined $60 million by the Committee on Foreign Investment in the US (CFIUS) for negligence surrounding data breaches, reports Reuters. CFIUS penalized T-Mobile for failing to prevent or disclose unauthorized access to sensitive customer data. When T-Mobile merged with Sprint, it signed a national security agreement with CFIUS, which is what led to the fine earlier this year....
I'm waiting for all the rabbid open-source fans to tell us open-source is much safer than closed-source.
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look at. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
The issue is more that there are a certain amount of core libs that everyone has in their builds. I think now its the Wild West because its no one person/ orgs job to check any of these libs or certify them. … We are leaving for too many core components to be looked after by people for free with no incentive to make sure everything is ok.
The entire Linux community is open source, and yet this is a much more secure platform than Windows has been. And Mac OS and their browsers have heavily benefited from the give and take between Unix and Linux (macOS building on a Unix rather than Linux kernel )
I am almost certain that there have been more security faults in proprietary systems than well maintained open source projects, because the drive behind open source is a more idealistic than the industries “quick to market / milk them all”
With that being said, especially when it comes to web development and the package repositories I see there, I am more doubtful and careful with using and relying on them. I feel it often moves too fast and the community has a different background than e.g. hardcore Linux developers.
I'm waiting for all the rabbit open-source fans to tell us open-source is much safer than closed-source.
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
It's not simple.
Not a rabid open sores fan at all (except back in my teenage years when I went through a rebellious Linux phase ugh), but obscurity does not imply security.
