Reports are surfacing on “Spring Break” – a new critical remote code execution (RCE) vulnerability which is affecting Pivotal Spring frameworks including Spring Boot, the world’s most popular framework for building web applications.
Steve Giguere, EMEA Engineer at Synopsys’ Software Integrity Group, commented below, “This is another good example of where free and open source software (FOSS) management is essential.
Steve Giguere, EMEA Engineer at Synopsys’ Software Integrity Group:
“Not only would a FOSS analysis tool have found this vulnerability months before this official announcement (the CVE for this is dated January 4th 2018 – https://nvd.nist.gov/vuln/detail/CVE-2017-8046), but those using such a tool would have been alerted of the vulnerability in this framework hours after it was listed on NVD, as opposed to months later. Hackers are looking for low hanging fruit, and understanding how important the gap between the discovery of a serious defect and taking action is essential. Finding out as early as possible and fixing serious vulnerabilities in FOSS is critical to ensuring companies do not become the next headline.”