Cybersecurity and open source: the Heartbleed electroshock “hasn't changed much”

Seven years later, the same mistakes

Cybersécurité et open source : l’électrochoc Heartbleed « n’a pas changé grand chose »

Credits: Sébastien Gavois

Sébastien Gavois

By Sébastien Gavois

Wednesday 20 October 20 at 13:

During the B.Boost show in La Rochelle – dedicated to free software and open source – several conferences spoke about cybersecurity. More than seven years after the painful Heartbleed episode of OpenSSL, we investigated whether attitudes had changed.

In today’s world, cyber attacks are increasing at high speed; all companies and institutions are involved or will one day be, it is only a matter of time. For Henri Verdier, Ambassador for Digital Affairs, “ the next world war will begin with a cyber attack ”.

We obviously have to hope that we will never get there, but we must all the same take this threat seriously. Open source is an interesting approach, because “ vulnerabilities are easier to detect when you open the code: anyone can look, while if you have a closed code there are basically only the bad guys who can watch

”, explained one speaker. Despite everything, this is not a guarantee of absolute security, far from it.

Monitor trusted third parties

Olivier Grall, ANSSI digital security delegate in the New Aquitaine region, begins with a few salutary reminders: “ you store your data with trusted third parties and you assume that they ensure its security ”… But is this still the case? No, especially since there is the notion of confidentiality and that of sustainability as some have discovered with loss and crash following the OVHcloud fire at the beginning of the year.

Back to top button