Subject: Re: Almost every iOS & macOS app has had huge vulnerabilities for over a decade
From: jollyroger (at) *nospam* pobox.com (Jolly Roger)
Newsgroups: misc.phone.mobile.iphone comp.sys.mac.system uk.telecom.mobile
Date: 04. Jul 2024, 18:19:30
Other headers
Organization: People for the Ethical Treatment of Pirates
Message-ID: <leo3t2Fkdk4U1@mid.individual.net>
References: 1 2 3 4 5 6 7
User-Agent: slrn/1.0.3 (Darwin)
On 2024-07-04, Andrew <andrew@spam.net> wrote:
Jolly Roger wrote on 3 Jul 2024 18:39:21 GMT :
>
I've always heard open source software is better because people can
actually find vulnerabilities or back doors in them to report.
That might be true if people didn't find and fix vulnerabilities in
closed-source software every day.
>
Why do you think Apple never noticed the vulnerabilities in over a
decade?
Answer: Because the vulnerabilities weren't in Apple software but in a
repository system used by app developers, which is the same reason an
enormous number of open source vulnerabilities remain unpatched for 10
years and longer:
Open source vulnerabilities remain unpatched for decades
<https://www.itweb.co.za/article/open-source-vulnerabilities-remain-unpatched-for-decades/wbrpO7gPwGdMDLZn>
---
A new report reveals an enormous number of identified open source
vulnerabilities remain unpatched for 10 years and longer, often because
organisations have no idea what open source code they are using.
.
.
.
With software developers routinely taking code from open source
repositories to embed in their company's products to speed up the
development process, saving time and money, manually tracking
components, their versions and their vulnerabilities is way beyond the
capabilities of most organisations.
The report recommends all organisations invest in an automated solution
for identifying and patching known vulnerabilities. "You can't patch
software if you don't know you are using it," the authors point out.
---
This isn't the "gotcha" you think it is, little Arlen. It's not an
uncommon phenomenon, and is a problem on all platforms.
-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR