Cybersecurity and open source: the Heartbleed electroshock “hasn't changed much”

Seven years later, the same mistakes
Credits: Sébastien Gavois
During the B.Boost show in La Rochelle – dedicated to free software and open source – several talks addressed cybersecurity. More than seven years after the painful Heartbleed episode in OpenSSL, we investigated whether attitudes had changed.
In today’s world, cyber attacks are increasing at high speed; all companies and institutions are affected or one day will be, it is only a matter of time. For Henri Verdier, Ambassador for Digital Affairs, “the next world war will begin with a cyber attack”.
We can only hope that it never comes to that, but the threat must be taken seriously all the same. Open source is an interesting approach, because “vulnerabilities are easier to detect when you open the code: anyone can look, while if you have closed code, basically only the bad guys can look
Monitor trusted third parties
Olivier Grall, ANSSI digital security delegate in the New Aquitaine region, begins with a few salutary reminders: “you store your data with trusted third parties and you assume that they ensure its security”… But is this always the case? No, especially since both confidentiality and durability are at stake, as some discovered through data loss and outages following the OVHcloud fire at the beginning of the year.
Thus, “you have no visibility on who operates the data and what they do with it, whether they are French or foreign”. Olivier Grall cites the example of a financial manager of a very large company “who put the complete database of its customers up for sale on the dark web to make some money (20,000 euros)”. It therefore takes neither a cyber attack nor the use of a foreign service to put your data at risk.