Apple will be among several U.S. tech giants to attend a meeting at the White House today to discuss cybersecurity and possible security threats posed by open-source software, Reutersreports.
The meeting will be held by U.S. National Security Advisor Jake Sullivan and will focus on "concerns around the security of open-source software and how it can be improved." The meeting was prompted by concerns around a security vulnerability found in open-source software Log4j.
The vulnerability, which posed a threat to organizations that use Log4j around the world, allowed hackers to control a system and remotely execute malicious code.
According to Sullivan, open-source software such as Log4j presents a "key national security concern" as it is often used and maintained by volunteers. Google, IBM, Meta, Microsoft, and Oracle are also expected to attend the meeting.
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
I'm waiting for all the rabbid open-source fans to tell us open-source is much safer than closed-source.
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look at. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
The issue is more that there are a certain amount of core libs that everyone has in their builds. I think now its the Wild West because its no one person/ orgs job to check any of these libs or certify them. … We are leaving for too many core components to be looked after by people for free with no incentive to make sure everything is ok.
The entire Linux community is open source, and yet this is a much more secure platform than Windows has been. And Mac OS and their browsers have heavily benefited from the give and take between Unix and Linux (macOS building on a Unix rather than Linux kernel )
I am almost certain that there have been more security faults in proprietary systems than well maintained open source projects, because the drive behind open source is a more idealistic than the industries “quick to market / milk them all”
With that being said, especially when it comes to web development and the package repositories I see there, I am more doubtful and careful with using and relying on them. I feel it often moves too fast and the community has a different background than e.g. hardcore Linux developers.
I'm waiting for all the rabbit open-source fans to tell us open-source is much safer than closed-source.
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
It's not simple.
Not a rabid open sores fan at all (except back in my teenage years when I went through a rebellious Linux phase ugh), but obscurity does not imply security.
Thursday January 6, 2022 1:44 pm PST by Juli Clover
Apple's annual shareholders meeting is set to take place Friday, March 4 at 9:00 a.m. Pacific Time, Apple said today in an SEC filing. Shareholders meetings are normally held in person at Apple Park, but this year's meeting, like last year's, will take place virtually and will be open to a greater number of shareholders because there are no space restrictions.
Those who want to attend, vote, ...
Monday January 10, 2022 9:17 am PST by Juli Clover
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
Wednesday December 8, 2021 1:19 pm PST by Juli Clover
Apple today introduced a redesigned website for its Open Source projects, which houses Apple's open source work like Swift, WebKit, ResearchKit, FoundationDB, and more. The updated site can be found at opensource.apple.com.
The site includes two main sections, including Featured Projects to showcase a selection of Apple's open source work, and a second section for Releases.
The Featured...
The Authority for Consumers and Markets (ACM) in the Netherlands plans to assess Apple's announced plans for allowing dating apps on the App Store in the country to use third-party payment methods, ensuring those plans "meet the requirements" of a previous ruling.
Over the weekend, Apple announced that it would exclusively allow dating apps on the App Store in the Netherlands to use...
Friday September 24, 2021 10:42 am PDT by Joe Rossignol
In 2019, Apple opened its Security Bounty Program to the public, offering payouts up to $1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used to exploit them. The program is designed to help Apple keep its software platforms as safe as possible.
In the time since, reports have surfaced indicating...
Wednesday August 25, 2021 3:53 pm PDT by Juli Clover
Apple CEO Tim Cook this morning attended a cybersecurity meeting with U.S. President Joe Biden and executives from other tech companies like Microsoft, Google, and Amazon.
Following the summit, the White House said that the companies in attendance pledged their help to bolster U.S. cybersecurity efforts, with Apple planning to develop a program to make security improvements across its...
Tuesday January 18, 2022 11:42 am PST by Juli Clover
U.S. bills that would require major changes to the App Store would ultimately cause consumers to be targeted with malware, ransomware, and scams, Apple's Senior Director of Government Affairs Timothy Powderly said in a letter that was sent today to the Senate Judiciary Committee and that was obtained by MacRumors. Apple sent the letter as the Judiciary Committee prepares to consider the Amer...
Apple CEO Tim Cook is set to join other tech executives in a cybersecurity meeting with U.S. President Joe Biden next week, reports Bloomberg.
The meeting will focus on the efforts by private companies to improve cybersecurity following a surge in online attacks over the course of the last year, an official familiar with the event told Bloomberg.The executives could discuss efforts...
Wednesday January 19, 2022 11:30 am PST by Juli Clover
It's now been a few months since the M1 Pro and M1 Max MacBook Pro models launched in October, and MacRumors video editor Dan Barbera has been using one of the new machines since they debuted. Over on the MacRumors YouTube channel, Dan has shared a three month review of his MacBook Pro to see how it has held up over time and how it's changed his workflow.
Subscribe to the MacRumors YouTube ...
Wednesday January 19, 2022 6:44 am PST by Joe Rossignol
Apple suppliers will begin producing display panels for the third-generation iPhone SE this month, with final assembly of the device likely to start in March, according to information shared by display industry consultant Ross Young.
Based on this production timeframe, Young believes the third-generation iPhone SE is likely to launch in the second half of April, or perhaps in early May at...
Tuesday January 18, 2022 11:46 am PST by Juli Clover
Apple today released a new 4C170 firmware update for the AirPods 3, an update from the prior 4C165 that was made available in December.
Apple does not offer details on what's included in new firmware updates for the AirPods, so we don't know what improvements or bug fixes the new firmware brings.
There is no standard way to upgrade the AirPods software, but firmware is...
Tuesday January 18, 2022 6:11 am PST by Joe Rossignol
Apple today filed unreleased iPhone and iPad models in the Eurasian Economic Commission database, as spotted by French blog Consomac.
The filings likely represent the rumored third-generation iPhone SE, fifth-generation iPad Air, and potentially more. The unreleased iPhone models have the identifiers A2595, A2783, and A2784, while the unreleased iPad models have the identifiers A2588, A2589, ...
Tuesday January 18, 2022 10:35 am PST by Juli Clover
Verizon and AT&T's upcoming rollout of new C-Band 5G technology could cause chaos and lead to widespread delays of passenger and cargo flights, major U.S. airlines said on Monday in a letter sent to the White House National Economic Council, the FAA, and the FCC (via Reuters).
"Unless our major hubs are cleared to fly, the vast majority of the traveling and shipping public will essentially...
Tuesday January 18, 2022 4:15 am PST by Tim Hardwick
Microsoft has released a new version of its Office for Mac productivity suite that includes an updated Excel app with 100% native support for Apple silicon machines.
According to the release notes accompanying version 16.57, Excel will now run natively on Macs powered by Apple's M1-series processors without having to use the Rosetta 2 translation layer, which means anyone using a Mac with an ...
Wednesday January 19, 2022 2:22 am PST by Sami Fathi
Apple is now requiring that customers in the United States verify that they're active students, teachers, or staff members at an educational institution in order to access education discounts on products.
Previously, little verification was needed for customers to purchase products through Apple's education store in the United States. Apple's education stores offer models of the iPad and Mac ...
Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple's ProMotion display technology, according to a respected display analyst.
Ross Young, who on multiple occasions has detailed accurate information about Apple's future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain...
Apple's long-rumored under-display Face ID technology will not be coming to the iPhone 14 Pro, according to recent reports.
Based on the latest rumors, it now looks unlikely that the 6.1-inch iPhone 14 Pro and 6.7-inch iPhone 14 Pro Max will feature Face ID technology under the display as several reports claimed over the past year.
Display industry consultant Ross Young, who often reveals ...
Top Rated Comments
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look at. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
It's not simple.
Dependency ('https://xkcd.com/2347/')
I am almost certain that there have been more security faults in proprietary systems than well maintained open source projects, because the drive behind open source is a more idealistic than the industries “quick to market / milk them all”
With that being said, especially when it comes to web development and the package repositories I see there, I am more doubtful and careful with using and relying on them. I feel it often moves too fast and the community has a different background than e.g. hardcore Linux developers.