Cybercriminals targeting free and open source software continue to rattle developers and consumers, with high-profile attacks hitting security flaws that should have been resolved. Specifically, the Heartbleed and Shellshock exploits have led to an increased demand from private companies and the U.S. government to step up programming assistance, but that hasn't been well received among many open source developers. However, it has provided a much-needed wake-up call that open source software should be monitored more closely to prevent such high-profile breaches.
"It's going to be a wake-up call for a lot of people to understand why we aren't auditing this software better," said Greg Martin, Threat Stream Inc founder and chief technology officer. "Everybody's been scratching their heads and saying, 'How could we miss this?'"
Hackers are increasingly organized - and well-funded - and that has made it difficult to defend against attacks, especially attacks on open source software. In theory, open source software provides a much larger pool of developers to help fix flaws, but others say proprietary software is more secure since the code is closed off from the public.
Either way, there is an industrywide need to work to shut out hackers and prevent such high-profile security incidents in the future.