Apple will be among several U.S. tech giants to attend a meeting at the White House today to discuss cybersecurity and possible security threats posed by open-source software, Reutersreports.
The meeting will be held by U.S. National Security Advisor Jake Sullivan and will focus on "concerns around the security of open-source software and how it can be improved." The meeting was prompted by concerns around a security vulnerability found in open-source software Log4j.
The vulnerability, which posed a threat to organizations that use Log4j around the world, allowed hackers to control a system and remotely execute malicious code.
According to Sullivan, open-source software such as Log4j presents a "key national security concern" as it is often used and maintained by volunteers. Google, IBM, Meta, Microsoft, and Oracle are also expected to attend the meeting.
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
I'm waiting for all the rabbid open-source fans to tell us open-source is much safer than closed-source.
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look at. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
The issue is more that there are a certain amount of core libs that everyone has in their builds. I think now its the Wild West because its no one person/ orgs job to check any of these libs or certify them. … We are leaving for too many core components to be looked after by people for free with no incentive to make sure everything is ok.
The entire Linux community is open source, and yet this is a much more secure platform than Windows has been. And Mac OS and their browsers have heavily benefited from the give and take between Unix and Linux (macOS building on a Unix rather than Linux kernel )
I am almost certain that there have been more security faults in proprietary systems than well maintained open source projects, because the drive behind open source is a more idealistic than the industries “quick to market / milk them all”
With that being said, especially when it comes to web development and the package repositories I see there, I am more doubtful and careful with using and relying on them. I feel it often moves too fast and the community has a different background than e.g. hardcore Linux developers.
I'm waiting for all the rabbit open-source fans to tell us open-source is much safer than closed-source.
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
It's not simple.
Not a rabid open sores fan at all (except back in my teenage years when I went through a rebellious Linux phase ugh), but obscurity does not imply security.
Thursday January 20, 2022 3:32 am PST by Sami Fathi
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update.
With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
Wednesday February 2, 2022 3:48 pm PST by Juli Clover
The U.S. Senate Judiciary Committee will on Thursday consider the Open App Markets Act, an antitrust bill that would allow for sideloading and alternate app stores.
Ahead of the meeting, Apple's head of government affairs in the Americas Tim Powderly sent a letter to committee members, urging them to reject the bill, reports Bloomberg. Powderly repeated a privacy and security argument that...
Thursday January 6, 2022 1:44 pm PST by Juli Clover
Apple's annual shareholders meeting is set to take place Friday, March 4 at 9:00 a.m. Pacific Time, Apple said today in an SEC filing. Shareholders meetings are normally held in person at Apple Park, but this year's meeting, like last year's, will take place virtually and will be open to a greater number of shareholders because there are no space restrictions.
Those who want to attend, vote, ...
Thursday March 17, 2022 10:38 am PDT by Juli Clover
The European Union is set to introduce new legislation as soon as this month that would significantly affect how the App Store operates in Europe, reports The Wall Street Journal.
The Digital Markets Act has been in development for some time and the finalized version that could be completed as soon as this month will allow for sideloading and alternate app store options. Apple will be...
Thursday February 3, 2022 8:32 am PST by Joe Rossignol
The U.S. Senate Judiciary Committee today approved the bipartisan Open App Markets Act, an antitrust bill that would allow for alternative app stores and alternative in-app payment systems on the iPhone. The bill will now head to the Senate floor for a vote.
Apple had urged the U.S. Senate Judiciary Committee to reject the bill, arguing that sideloading would pose privacy and security risks...
Monday January 10, 2022 9:17 am PST by Juli Clover
Microsoft's 365 Defender Research Team this morning published details on a new "Powerdir" macOS vulnerability that let an attacker bypass the Transparency, Consent, and Control technology to gain unauthorized access to protected data.
Apple already addressed the CVE-2021-30970 vulnerability in the macOS Monterey 12.1 update that was released in December, so users who have updated to the...
Tuesday January 18, 2022 11:42 am PST by Juli Clover
U.S. bills that would require major changes to the App Store would ultimately cause consumers to be targeted with malware, ransomware, and scams, Apple's Senior Director of Government Affairs Timothy Powderly said in a letter that was sent today to the Senate Judiciary Committee and that was obtained by MacRumors. Apple sent the letter as the Judiciary Committee prepares to consider the Amer...
Thursday February 10, 2022 10:10 am PST by Juli Clover
Apple today released iOS 15.3.1 and iPadOS 15.3.1, two minor updates to the iOS and iPadOS operating systems released in September 2021. iOS and iPadOS 15.3.1 come two weeks after the release of iOS and iPadOS 15.3.
The iOS 15.3.1 and iPadOS 15.3.1 updates can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new...
Sunday September 25, 2022 2:27 pm PDT by Sami Fathi
A YouTuber has put Apple's claims for the durability of the Apple Watch Ultra to the test by putting it up against a drop test, a jar of nails, and repeated hits with a hammer to test the sapphire crystal protecting the display.
TechRax, a channel popular for testing the durability of products, first tested the Apple Watch Ultra by dropping it from around four feet high. The Apple Watch...
Sunday September 25, 2022 10:57 am PDT by Sami Fathi
As we approach the end of a busy product release season for Apple with only new iPads and Macs left to be announced over the next month or so, we're also setting our sights on 2023. Apple is rumored to have several major products in the pipeline for next year, including new Macs, a new HomePod, a VR/AR headset, and so much more.
Other than new iPhones and Apple Watches, which are expected...
Sunday September 25, 2022 6:50 am PDT by Sami Fathi
Apple may decide to release its remaining products for 2022, which include updated iPad Pro, Mac mini, and 14-inch and 16-inch MacBook Pro models, through press releases on its website rather than a digital event, according to Bloomberg's Mark Gurman. In his latest Power On newsletter, Gurman said that Apple is currently "likely to release its remaining 2022 products via press releases,...
Upon the release of the second-generation AirPods Pro, the AirPods Max became the oldest current-generation AirPods product still in Apple's lineup. Introducing several new features like Adaptive Transparency and the H2 chip, the second-generation AirPods Pro may provide some of the best indications yet of what to expect from the second-generation AirPods Max.
Almost two years later, rumors...
Monday September 26, 2022 7:52 am PDT by Joe Rossignol
Earlier this month, Apple announced that iOS 16.1 will enable a new Live Activities feature that allows iPhone users to stay on top of things that are happening in real time, such as a sports game or a food delivery order, right from the Lock Screen. On the iPhone 14 Pro and Pro Max, Live Activities also integrate with the Dynamic Island.
Premier League match in Dynamic Island via Paul Bradford ...
Monday September 26, 2022 7:34 am PDT by Sami Fathi
Today marks exactly two weeks since Apple released iOS 16 to the public. Besides the personalized Lock Screen, major changes in Messages, and new features in Maps, the update has also seen its fair share of bugs, performance problems, battery drain, and more.
After major iOS updates, it's normal for some users to report having issues with the new update, but such reports usually subside in...
Monday September 26, 2022 6:23 am PDT by Sami Fathi
iPhone 14 Pro customers on the Verizon network in the U.S. are reporting issues with slow and unreliable 5G cellular connections and calls randomly dropping.
Several threads on Reddit (1,2,3) and the MacRumors forums chronicle issues faced by Verizon customers and Apple's latest iPhone. According to user reports, signal strength on the iPhone 14 Pro is unreliable and weak, while other...
Sunday September 25, 2022 7:02 am PDT by Sami Fathi
Apple is gearing up to possibly replace its "Pro Max" iPhone with an all-new "Ultra" iPhone 15 model next year, reliable Bloomberg journalist Mark Gurman said today.
Writing in his latest Power On newsletter, Gurman said that for the iPhone 15, Apple is planning a revamped design alongside USB-C and a potential name change. Apple could replace its "Pro Max" branding, which it started to use...
An Apple Watch Ultra user has modified their new device's casing to add a brushed finish and remove the orange color of the Action Button in an effort to make it more visually appealing.
The Apple Watch Ultra offers the first complete redesign of the Apple Watch since the product line's announcement in 2014, and while the design has been met with praise from many users, some have criticized...
Apple on September 12 released iOS 15.7 and iPadOS 15.7, delivering important fixes for multiple security vulnerabilities, including at least one that has been actively exploited.
Apple's latest mainstream iPhone models come in two sizes with A15 chip, car crash detection, satellite connectivity, and more. iPhone 14 is available now, while iPhone 14 Plus launches on October 7.
Top Rated Comments
It's not that simple. open-source CAN be safer, it can also be less safe. In open-source, the exact code is out there for anyone to look at. This means anyone could see any flaws and fix them. It also means that anyone could see any flaws and exploit them.
In closed-source, you can't see the code. It's a much different process to exploit the code. Much harder. There are also less people who have access to the code to fix any flaws. So, flaws will stick around longer.
It's not simple.
Dependency ('https://xkcd.com/2347/')
I am almost certain that there have been more security faults in proprietary systems than well maintained open source projects, because the drive behind open source is a more idealistic than the industries “quick to market / milk them all”
With that being said, especially when it comes to web development and the package repositories I see there, I am more doubtful and careful with using and relying on them. I feel it often moves too fast and the community has a different background than e.g. hardcore Linux developers.