At Apple, scanning your phone and virtue signaling is our top priority.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple to Attend White House Meeting to Discuss Security Risks of Open-Source Software
- Thread starter MacRumors
- Start date
- Sort by reaction score
Tone deaf sarcasm. Log4J was and is a catastrophe and the problem of software maintained by volunteers is very real.
Why skip over the rest of my post? I already addressed this.
TheYayAreaLiving 🎗️
Suspended
I wonder what Apple is going to say about the CSAM. How Apple is going to defend CSAM, this time around. Since they didn’t introduce it completely.
Nothing suspicious or worrisome that the largest corporations built on proprietary software are meeting behind closed doors to discuss open software.
TheYayAreaLiving 🎗️
Suspended
I agree. We need transcription notes for this meeting.
Open Source at Apple.
Open source software is at the heart of Apple platforms and developer tools. Apple works with developers around the world to create, contribute, and release open source code.
If you had open sores in your teens, I hope you went to a good doctor!!!
Setting aside the argument of which is safer, open or closed source software, it would help if all software were required to provide and maintain a manifest of all included and dependent modules, and their respective metadata (version number, etc.), that could be used to locate and identify those components that require remediation whenever vulnerabilities are found. Today there's no systemic way to collect and maintain an accurate inventory. Perhaps the most difficult aspect of Log4J is finding and patching all the dark corners of an enterprise where it's being used.
Still not that simple. If you want to target a system, the natural targets are those which are most prominent.
Is the platform really more “secure” or simply far less frequently targeted?
Hey Apple, what about showing us your closed software so we know exactly how safe and private your closed software is. Hm?
It doesnt have to be every library. Just the most used ones. Your not trying to guarantee there zero vulnerabilities. You are just trying to limit the damage if there is an issue. Its pretty easy to work out the most used libraries. The reason why everyone freaked out about log4js is because they all knew that it was used everywhere, even without checking. Because everyone needs to log. Just do a survey of them most used files and most embedded. And make sure they are ok and govt govt agency can review them.
I can see the biggest problem is ratifying a design decision. Log4J issue was done for a reason without thinking it through. Not sure how that can be policed. But I know if we added that to one of our libraries at my company, lots of other devs would ask what the hell do we need that for?
"concerns around the security of open-source software and how it can be improved."
Sounds of Richard Stallman exploding in the distance. ?
Sounds of Richard Stallman exploding in the distance. ?
Open source does not mean volunteers.
The problem is not SW maintained by volunteers, it is its usage for purpose that is far beyond what the initial SW can do and in a context that is beyond the validation/maintenance available.
For the people worried about restrictions on FOSS: Code has been settled as free speech protected by the first amendment. The United States government cannot stop you (without legal challenge).
Unfortunately, congress is run by clowns and old farts that wouldn’t know an int from a double, and as such are likely to view anything that isn’t source obscured with suspicion and fear. Their main point of reference is military OPSEC, which is reliant on secrecy.
This is probably in all likelihood going to lead to nothing substantial.
Unfortunately, congress is run by clowns and old farts that wouldn’t know an int from a double, and as such are likely to view anything that isn’t source obscured with suspicion and fear. Their main point of reference is military OPSEC, which is reliant on secrecy.
This is probably in all likelihood going to lead to nothing substantial.
I have a feeling that the only thing that will come out of this, is that tech companies will somehow now be less likely to be litigated against if their "swiss-cheese" security measures become breached, or lead to breaches.
That is exactly what I came here to say. Open-sourced software is one option that keeps people from using the Mac App Store and I am afraid that someday Apple is going to put that wall fully up on the Mac garden.
I don’t know how many times I have repeated this: forcing the Mac to App Store only would kill the platform. Apple knows this, and isn’t likely to shoot themselves in the foot.
Can’t happen until there is an alternate way to develop software for the Apple ecosystem besides the Mac. Developers need full control of their machines for software development.
