2022 Linux and open source developers most needed

Jan 3, 2022 - 05:33
 11
2022 Linux and open source developers most needed

Linux is everywhere. This is what drives all clouds, even Microsoft Azure. That’s why all 500 of the top 500 supercomputers work. Even desktop Linux is growing. But with great power comes great responsibility. And, as many developers recently discovered when multiple security vulnerabilities were discovered in the open source library for logging Apache Java log4j 2, it also brings big headaches. Problems with log4j 2 are as bad as they can be. According to the National Vulnerability Database (NVD), it is rated 10.0 CVSSv3. His real trouble is not so much in the open source itself. Security must be constantly checked, software must be secure at all times.


However, the real problem with log4j is how Java hides which libraries its source code and binaries use in the many variations of the Java Archive (JAR). The result? You may use a vulnerable version of log4j and don’t know until you use it. Fortunately, there are log4j scanners that can help you spot faulty log4j libraries in use. But - they are not perfect. There is another problem behind log4j clutter, which is “How do you know which open source components your software uses?” The answer is one that the open source community has begun to take seriously in recent years: the creation of Software Bills of Material (SBOM). SBOM specifies exactly which software libraries, routines, and other code were used in any program. Armed with this, you can examine which versions of components are used in your program. That way, if a security hole is found in a component, you can easily patch it. A reproducible build is one that always produces the same outputs with the same inputs so that the results of the build can be verified.

"Verified Reproducible Build is a process in which independent organizations produce builds from source code and verify that the results come from source code". Then, to further protect that your code is really what it claims to be, you need to authenticate and verify your SBOM using services such as the Codenotary Community Attestation Service and Tidelift Catalogs. Users, concerned about Solarwind-type disasters and log4j security issues, will demand it. Linux developers are working to further secure the operating system by making Rust Linux a different language. Why? Because, unlike C, the primary language of Linux, Rust is much safer in handling memory errors. No matter how the details unfold, one thing is for sure - providing code is becoming a major issue for Linux and open source developers in 2022.

We wrote about the events and offered some solutions for the Log4j situation. You can see what Log4j is and how to protect yourself at this link https://zexron.com/log4j-situation-now-how-can-we-protect-ourselves/.

People love Linux because it can be a little controlled. When someone knows Linux, it is easy for him to start programming. Because of the time that is coming, we all need to know to program. The Internet is changing day by day, and in order to keep up with it, we need to learn everything we can. Everyone should know Linux, we never know what happens next.