Trustworthy open-source computing
When I was in the military, one of the things I learned about was holding a perimeter. The perimeter could be around anything: a camp, a hill, a beer garden, or whatever. The perimeter was your position on the battlefield, and you were obligated to defend it to keep everything inside the perimeter safe.
Under no circumstance were you to ever let your perimeter get overrun. If you were forced to defend it, you fought with superhuman strength. If you thought your perimeter was going to be overrun, you called any and everybody that you thought could help: air support, artillery, armor... anybody.
We've seen exactly this kind of exercise in the open-source world in the last few weeks, though not necessarily from the same school of training or thought. Two high-profile projects experienced compromises. They announced it to the community, essentially letting everybody know that their perimeters had been overrun, and that they needed all the help they could get.
[ Read more ]
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.