About Us

About Cabling Installation & Maintenance

Our mission: Bringing practical business and technical intelligence to today's structured cabling professionals

For more than 30 years, Cabling Installation & Maintenance has provided useful, practical information to professionals responsible for the specification, design, installation and management of structured cabling systems serving enterprise, data center and other environments. These professionals are challenged to stay informed of constantly evolving standards, system-design and installation approaches, product and system capabilities, technologies, as well as applications that rely on high-performance structured cabling systems. Our editors synthesize these complex issues into multiple information products. This portfolio of information products provides concrete detail that improves the efficiency of day-to-day operations, and equips cabling professionals with the perspective that enables strategic planning for networks’ optimum long-term performance.

Throughout our annual magazine, weekly email newsletters and 24/7/365 website, Cabling Installation & Maintenance digs into the essential topics our audience focuses on.

  • Design, Installation and Testing: We explain the bottom-up design of cabling systems, from case histories of actual projects to solutions for specific problems or aspects of the design process. We also look at specific installations using a case-history approach to highlight challenging problems, solutions and unique features. Additionally, we examine evolving test-and-measurement technologies and techniques designed to address the standards-governed and practical-use performance requirements of cabling systems.
  • Technology: We evaluate product innovations and technology trends as they impact a particular product class through interviews with manufacturers, installers and users, as well as contributed articles from subject-matter experts.
  • Data Center: Cabling Installation & Maintenance takes an in-depth look at design and installation workmanship issues as well as the unique technology being deployed specifically for data centers.
  • Physical Security: Focusing on the areas in which security and IT—and the infrastructure for both—interlock and overlap, we pay specific attention to Internet Protocol’s influence over the development of security applications.
  • Standards: Tracking the activities of North American and international standards-making organizations, we provide updates on specifications that are in-progress, looking forward to how they will affect cabling-system design and installation. We also produce articles explaining the practical aspects of designing and installing cabling systems in accordance with the specifications of established standards.

Cabling Installation & Maintenance is published by Endeavor Business Media, a division of EndeavorB2B.

Contact Cabling Installation & Maintenance

Editorial

Patrick McLaughlin

Serena Aburahma

Advertising and Sponsorship Sales

Peter Fretty - Vice President, Market Leader

Tim Carli - Business Development Manager

Brayden Hudspeth - Sales Development Representative

Subscriptions and Memberships

Subscribe to our newsletters and manage your subscriptions

Feedback/Problems

Send a message to our general in-box

 

My Watchlist
Indicators
Cabling Market Index
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

Danger of Open-source Software

By: Syndication Cloud

Originally Posted On: https://blog.axellio.com/danger-of-open-source-software

 

The Danger of Open-source Software

In part two of the “Two Factors that Affect Software Security” blog series, we’ll dive deeper into open-source software (OSS). OSS has become very popular these days. However, as with most things, there is a “trade-off curve”. While the use of OSS can drive down product creation costs and improve time to market, software security and product integrity risks increase substantially with its use. This is because of one fundamental error in thinking – that the OSS components will have been properly and rigorously reviewed by “others.” Often, this is probably not the case for the same reason that this engineering team wants to use OSS in the first place – they don’t have time to create and rigorously test code; and are hoping others have done it for them. This is why the dependence on OSS is creating real concerns about national security and data privacy. 

A Dark Reading article from 2022 showed that the idea of rigorous testing isn’t true. Researchers at Johns Hopkins University conducted a study on a popular library of code called Node.js. They discovered 180 zero-day vulnerabilities across the Node.js libraries they examined. There were several security vulnerabilities including injection flaws and cross-site scripting. Seventy of the flaws were assigned their own common vulnerabilities and exposures (CVE) identifier.   

Another example is the Log4Shell vulnerability that was found in the Log4j library in 2021. The Apache Log4j is a popular Java library for logging error messages in applications. The vulnerability, originally published as CVE-2021-44228, ended up having three more related vulnerabilities. Again, just because a piece of software was reviewed by a group, doesn’t mean it’s safe.

A Synopsis 2024 Open Source Security and Risk Analysis Report found even more bad news. Here are some highlights: 

  • 84% of codebases assessed for risk contained vulnerabilities 
  • 74% of codebases assessed for risk contained high-risk vulnerabilities 
  • 91% of codebases contain components that have had no new development in over two years 
  • 91% of the codebases assessed for risk contained components that were 10 versions or more behind the most current version of the component 
  • 89% of codebases contain OSS that is more than 4 years out of date 
  • The average number of open-source components in a given application this year was 526 
  • 54% increase in codebases containing high-risk vulnerabilities over the past year was found 
  • 14% of the codebases assessed for risk contained vulnerabilities older than 10 years 

A key point exposed by the Synopsis report is the update process for OSS code. What happens to the code after a year, two years, and more. Does anyone go back and update it to eliminate (or at least reduce) software vulnerabilities? While there are some examples of this, the Synopsis report found that 91% of codebases contain components that did not have any new development updates in over two years. The report did show that the number improved by 2 points (dropping to 89%) for code that was 4 years or so out of date.

So, based upon the Synopsis results, there is clear concern with the use of OSS. Especially since the National Bureau of Economic Research estimates that over 90% of Fortune 500 companies are actively using OSS. This potentially puts a lot of American enterprises, and the US government buying those solutions, at a heavy risk for hidden security and operational flaws. In fact, OWASP is so concerned that we still lack a holistic approach to OSS risk management that encompasses security, legal, and operational aspects that they created a top 10 list of security and operational issues associated with the use of OSS. 

These facts and figures should make any purchasing team nervous. While the vendor may sign off on their software, if they are using OSS, there’s a chance your network could be compromised in the future. One of the best ways to avoid the situation is to buy software solutions that do not heavily rely on OSS. While a usage of 0% OSS is technically possible, you will be hard pressed to find a manufacturer that does not use any OSS. 

A reduced OSS dependency plan gives you two clear benefits. First, you have a substantial possibility of reducing your security risk by not using potentially compromised software. Second, bad actors are generally less inclined to spend time trying to attack proprietary code. There is little in it for them. It takes a lot of time to analyze the code for defects; and even harder for them to get their hands on proprietary code in the first place. It’s so much easier to analyze OSS for flaws, then find products using that OSS, and then attack multiple company products that use that same code. Once they have found an OSS defect, they can literally attack 5, 10, or more products by exploiting the one or two defects that they find in the OSS code. 

Axellio uses United States citizen workers and does not overly rely on the use of open-source code. Axellio carefully manages its use of open-source components and rigorously tests and evaluates the code used to reduce exposure to vulnerabilities. If you want additional information, check out this sales brief.

More News

View More
Tesla: 2 Reasons to Love Musk's $1B Buy, 1 Reason to Be Bearish
Via MarketBeat
Tickers TSLA
Azure Leads While AI Excitement Fuels Microsoft Stock
Via MarketBeat
Topics Artificial Intelligence Economy
Tickers MSFT
Darden Restaurants: A Textbook Buy-the-Dip Opportunity
Via MarketBeat
Tickers DRI
Top 125 Family Businesses People Most Want to Work for in the U.S. [2025 Survey]
Via MarketBeat
Tickers AAPL
NIO's New Dawn: Why Wall Street's Bullish Turn Signals a Comeback
Via MarketBeat
Topics Electric Vehicles
Tickers NIO TSLA UBS
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms Of Service.