SolarWinds hack shows importance of vendor trust, and why open source is so important

Much has been written about the recent SolarWinds hack – “Almost a cyber pandemic” that we may not know the true extent of for some time.

Librem’s security officer Kyle Rankin recently published an article relating the trust we have from vendors – even signed vendor trusted software, to food:

“If the food supply chain worked like the proprietary software supply chain, we’d buy food in opaque jars with a factory tamper seal on them, but without expiration dates, ingredient lists, food allergy warnings, or nutritional information. The factories would never get inspected for cleanliness or audited to see if they use spoiled ingredients or processed peanuts in the same facility

This is an interesting analogy that is in many ways accurate. However, some proprietary software could come with examples of their usage which would effectively work as a unit test, and many do come with “expiration dates” (often announced years later or at the announcement of a later version, however.)

If you haven’t already, it may be a good time to consider Linux on your device and what wide variety of software you are using. More software packages means more possibilities to be open to infection. Also, if you use Mac/Windows, many people re install it every few years to keep their computer clean from any malware that someone may have installed.

Let’s keep security a high priority with 2020’s vision!

Leave a Reply

Your email address will not be published. Required fields are marked *

three × 1 =