Be verified beyond star counts

You can’t trust the stars on GitHub — I just learned that. Like on other social networks, stars can be bought on GitHub. This creates the misleading impression that a piece of software is especially popular and trustworthy. Unfortunately, this tactic appears to be frequently used to spread malware. “The Rise of Fake GitHub Stars: A Growing Security Threat” for cyberinsider.com ...

December 20, 2024 · 1 min · 168 words

overworked and volunteer maintainers

Although Randy Bias’s article, titled “Avoiding a Geopolitical Open Source Apocalypse”, is a bit dated — it was published in October 2024 — it remains relevant. The piece appears on thenewstack.io and provides useful food for thought about cooperation between East and West for a shared, secure open-source ecosystem. Some think that open source software is generally more secure, but is it? Open source software mainly made in the West has well-documented security issues of its own, due in part to its heavy reliance on overworked and volunteer maintainers. Securing open source software requires time, energy and diligence. Unfortunately, many projects are very thinly resourced and lack the expertise required to look for security risks diligently. ...

December 17, 2024 · 1 min · 133 words

Ethical Web Principles

The W3C (World Wide Web Consortium) is an international organization committed to ensuring that the web works for everyone—not just today, but in the future as well—through clear standards and guidelines that safeguard growth and interoperability. In their statement »Ethical Web Principles« they really put it succinctly: the web should be for everyone. The web should be a platform that helps people and provides a positive social benefit. As we continue to evolve the web platform, we must therefore consider the consequences of our work. The following document sets out ethical principles that will drive W3C’s continuing work in this direction. ...

December 14, 2024 · 1 min · 142 words

Security as a Core Priority

Given the numerous security issues Microsoft has faced, this at least points to an improvement in the situation. However, Kathleen Hogan will have to be held to these statements over the coming year. Tom Warren writes in ‘Every Microsoft employee is now being judged on their security work’ for theverge.com: Kathleen Hogan, Microsoft’s chief people officer, has outlined what the company expects of employees in an internal memo obtained by The Verge. “Everyone at Microsoft will have security as a Core Priority,” says Hogan. “When faced with a tradeoff, the answer is clear and simple: security above all else.” ...

August 6, 2024 · 1 min · 116 words

Cost and security of reCAPTCHAv2

In their study »Dazed & Confused: A Large-Scale Real-World User Study of reCAPTCHA v2«, the authors Andrew Searles, Renascence Tarafder Prapty and Gene Tsudik argue for discontinuing the service. They justify this by citing generally poor user acceptance. They also criticize the significant resource demands in terms of time and data centers. Added to this is a troubling susceptibility to bots — a stark contradiction of its intended purpose. In the authors’ words: “We explore the cost and security of reCAPTCHAv2 and conclude that it has an immense cost and no security. Overall, we believe that this study’s results prompt a natural conclusion: reCAPTCHAv2 and similar reCAPTCHA technology should be deprecated.” ...

July 24, 2024 · 1 min · 123 words