Merge pull request #25350 from lkxed/master

Remove outdated news: 20220422 Open Source Software maintainer Vandalizes Own Code In Anti-Russian Protest.md
Xingyu.Wang 2022-04-26 18:15:46 +08:00 committed by GitHub
commit d196d02fe4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,45 +0,0 @@
[#]: subject: "Open Source Software maintainer Vandalizes Own Code In Anti-Russian Protest"
[#]: via: "https://www.opensourceforu.com/2022/04/open-source-software-maintainer-vandalizes-own-code-in-anti-russian-protest/"
[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Open Source Software maintainer Vandalizes Own Code In Anti-Russian Protest
======
![swam][1]
An open source piece of software has been hacked and modified to delete data from PCs. Whats interesting about this scenario is that the saboteur was the codes creator. In this case, the developer, a Russian, appears to have committed cyber-vandalism as a kind of retaliation against his own country as a result of the Ukraine conflict. The consequences, on the other hand, go beyond national lines.
The node-ipc package, which is part of the npm java package management for the JavaScript programming language, appears to have been purposefully damaged by the open source software package maintainer.
The example shows the dangers that come with various types of Free Open Source Software, and why organisations should be cautious about the software they use. Sally Vincent, Senior Threat Research Engineer at LogRhythm, is investigating this odd instance for Digital Journal.
There are certain lessons to be learned from this situation, according to Vincent: “The inclusion of “protestware” in the open-source node-ipc module serves as reminder to all organizations that use of open-source software comes with security risks.”
The following factors, according to Vincent, are constantly in play:
Organizations should have open-source software governance policies in place, as well as monitoring policies for updates from open-source repositories.
Developers should be aware of the security concerns associated with incorporating open-source repositories into their work.
Any project that relies on open-source repositories should always double-check its source code to ensure dangerous code isnt hidden therein.
Vincent warns that the potential for repeating this event is pretty simple, noting: “This incident shows how easily malicious code can be introduced to an open-source project.” This is irrespective as to the motivations for doing so, as Vincent states: “Its notable for the fact that the person who introduced it claims that it is part of a peaceful protest.” She adds: “Regardless of intent, the code is a potentially very harmful. Any projects that use node-ipc should be immediately checked to make sure they not on a malicious source code thread.”
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/04/open-source-software-maintainer-vandalizes-own-code-in-anti-russian-protest/
作者:[Laveesh Kocher][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/laveesh-kocher/
[b]: https://github.com/lkxed
[1]: https://www.opensourceforu.com/wp-content/uploads/2022/04/swam-696x348.jpg
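Review bot: before this whole-file removal lands, confirm that no in-progress translation depends on the file. The translator, reviewer, publisher and url fields in the deleted header are all blank, which suggests the article was never claimed or published, but the diff alone cannot show that no one picked it up elsewhere. The commit message also gives only "outdated news" as the reason; the filename is dated 20220422 and the merge is 2022-04-26, so stating the cut-off rule being applied would let other collectors prune news items consistently.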