Sign up to save your podcasts
Or
Share OpenJS Foundation’s Leader Details the Threats to Open Source
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
OpenJS Foundation’s Leader Details the Threats to Open Source
After the XZ Utils backdoor vulnerability was uncovered in March, the OpenJS Foundation saw a surge in inquiries from potential open source JavaScript contributors. Robin Ginn, executive director of the foundation, noted that volunteer-led JavaScript communities often face challenges in managing these contributions. The discovery that a single contributor, "Jia Tan," planted the backdoor heightened vigilance, especially when new contributors requested admin privileges. Ginn emphasized that trust is not synonymous with security, especially in open source projects where maintainers must be vigilant about who can access their repositories.
The XZ vulnerability highlighted broader concerns about the security of open source software, particularly in projects with only a single maintainer. Despite receiving a significant grant from Germany's Sovereign Tech Fund, the foundation remains under-resourced, with just two full-time staffers supporting 35 projects. Ginn urged companies that rely on open source software to invest in it by hiring maintainers, ensuring these critical projects are properly supported.
Learn more from The New Stack about open source vulnerability
Linux xz Backdoor Damage Could Be Greater Than Feared
Unzipping the XZ Backdoor and Its Lessons for Open Source
Linux xz and the Great Flaws in Open Source
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
View all episodes
By The New Stack
4.3
3131 ratings
After the XZ Utils backdoor vulnerability was uncovered in March, the OpenJS Foundation saw a surge in inquiries from potential open source JavaScript contributors. Robin Ginn, executive director of the foundation, noted that volunteer-led JavaScript communities often face challenges in managing these contributions. The discovery that a single contributor, "Jia Tan," planted the backdoor heightened vigilance, especially when new contributors requested admin privileges. Ginn emphasized that trust is not synonymous with security, especially in open source projects where maintainers must be vigilant about who can access their repositories.
The XZ vulnerability highlighted broader concerns about the security of open source software, particularly in projects with only a single maintainer. Despite receiving a significant grant from Germany's Sovereign Tech Fund, the foundation remains under-resourced, with just two full-time staffers supporting 35 projects. Ginn urged companies that rely on open source software to invest in it by hiring maintainers, ensuring these critical projects are properly supported.
Learn more from The New Stack about open source vulnerability
Linux xz Backdoor Damage Could Be Greater Than Feared
Unzipping the XZ Backdoor and Its Lessons for Open Source
Linux xz and the Great Flaws in Open Source
Join our community of newsletter subscribers to stay on top of the news and at the top of your game.
More shows like The New Stack Podcast
View all
Hanselminutes with Scott Hanselman
377 Listeners
Software Engineering Radio - the podcast for professional software developers
266 Listeners
The Changelog: Software Development, Open Source
285 Listeners
The Cloudcast
154 Listeners
Thoughtworks Technology Podcast
41 Listeners
The New Stack Analysts
9 Listeners
Talk Python To Me
585 Listeners
Software Engineering Daily
628 Listeners
The New Stack @ Scale
3 Listeners
The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)
434 Listeners
The New Stack Context
4 Listeners
AWS Podcast
200 Listeners
Kubernetes Podcast from Google
181 Listeners
Practical AI
190 Listeners
The Stack Overflow Podcast
63 Listeners
Oxide and Friends
47 Listeners
Latent Space: The AI Engineer Podcast
63 Listeners
The Pragmatic Engineer
52 Listeners