“There is a big security problem,” declares Bruce Perens, one of the most prominent pioneers of open source technology, having co-founded the Open Source Initiative and created the Open Source Definition. Perens goes on to explain that 70% of today’s security issues can be attributed to an attacker overrunning the boundaries of a memory buffer. Indeed, much of the code frequently used today such as C and C++ have not been created to enforce memory boundaries; thus, enabling cybercriminals to overwrite memory to modify, takeover or crash a system. Yet, that’s not to say that hasn’t been a solution…
In fact, there has been one since as early as 1981. Intel’s iAPX 432 included memory boundary protection hardware which could have had great potential to tackle the vast majority of vulnerabilities. However, for a host of reasons not least its ambition for the technology and market of the time, iAPX 432 failed to see widespread adoption. In 1987, Perens himself sought to solve the problem with the release of ‘Electric Fence’, a free program that put a hardware barrier at the end of every memory allocation. Unfortunately, this too saw limited success as it was found to be too inefficient to leverage in production. Today, after forty years in the making, the technology has finally developed to run fast enough, at minimal cost, with enough memory. It now makes economic sense to incorporate hardware memory barriers in central processing units (CPUs).
In other words, we knew how, and had the technical capability, to solve a very serious issue 40 years ago, but chose not to pursue it as long as it impacted revenue and ate into profits. But what if we redefined ‘economic sense’? What about non-monetary economics?
That is precisely the premise upon which the Open Source world is built upon: an exchange of work instead of money. In this environment, there is always a motivation to do the work. That is, to create great software.
You can tune in to Bruce Perens’ fascinating keynote here:
The event also included a panel discussion moderated by cybersecurity journalist, Geoff White, joined by Amanda Brock, CEO of Open UK, the UK body for Open Technology, Andy Martin, CEO and Founder of ControlPlane and Mark Inskip, Programme Director from the Morello Program, Arm.
In the News this Week
Once again, we saw no shortage of cyber-attacks take place this week. MacMillan Publishers US suffered a ransomware attack which left their sales team “unable to process, receive, place, or ship new orders”. Wiltshire Farm Foods and its parent company, Apetito, a supplier of ready meals, also fell victim to a cyber-attack which led to disruption in deliveries, including to clinics and retirement homes.
Perhaps, a collaborative approach is exactly what we need to overcome the seemingly incessant stream of cybersecurity threats.