For the most part, 2020 was actually pretty good for open source. Enterprise-level companies embraced open source software even further, containers and the cloud became even more crucial to both businesses and consumers, the Linux community found a larger piece of the support pie from large manufacturers like Microsoft, and distributions continued to wow.
That doesn’t mean the year was full of celebrations, as there were some rather cringe-worthy moments. A good number of major open source projects suffered from poorly written or out of date documentation, DockerHub started throttling image downloads, etc.
There was, however, one particular issue open source faced in 2020 that will not only go down as a thorn in the side of the community for the year, but will probably haunt us moving forward.
What was that issue?
Since I started my Linux journey over 20 years ago, I have only experienced one instance of a Linux machine getting hacked. I believe that happened around 2006. The machine in question was an Ubuntu server for a hair salon that served up its website via WordPress and email via Sendmail. I was the admin of that server and I was absolutely certain it was safe. Little did I know…
By way of an out of date WordPress plugin, someone gained access to the server and installed a rootkit. No matter what I did, I couldn’t roll back the problem. My only recourse was to blow away the compromised OS and reinstall everything.
It was a humbling lesson. Until that day, I was certain the mere act of using Linux ensured my servers were safe from bad actors. Again, little did I know. A simple update to a single piece of open source software could have prevented that problem.
SEE: Linux commands for user management (TechRepublic Premium)
The rise of the vulnerability
We all knew this day would come. However, most of us had very powerful blinders covering our eyes, but the writing was on the wall. With more and more enterprise companies depending on open source software to build their backends and serve up web applications and services, a target had been drawn on the metaphorical backs of many projects.
This year pulled back those blinders and forced that reality upon us. Linux and open source have weaknesses.
More to the point, hackers are now specifically targeting open source software. No matter how secure the platform is, where there’s a hacker, there’s a way.
I’ve had a few conversations with bank employees lately that were rather enlightening. From those conversations, a single, grim conclusion has been drawn–hackers are better at what they do than security pros and developers are at what they do.
Hackers have more resources, more tools, more time, and more incentive to break into systems than developers and admins have the ability to lock down those systems. That’s not to say security admins and developers don’t know what they’re doing. They do. Many are incredibly brilliant at their jobs. But, hackers are a different breed altogether and their incentive is they don’t make money until they get the job done.
That’s a pretty big incentive.
It also translates to those hackers finding vulnerabilities in everything, including Linux–2020 was proof of that.
The above shortlist is just the celebrity vulnerabilities found in Linux. There were plenty of others that didn’t warrant a nickname, that may not have been quite as rampant and dangerous, but were still issues discovered within the Linux stack. You can view any number of CVE listings and see for yourself. For instance, take this listing of Linux kernel CVEs. There are plenty of them, many of which rate in the sevens (which is considered High).
The tipping point
Prior to 2020, Linux and open source vulnerabilities were pretty easy to shrug off as anomalies. Sure they happened, but we all knew it was a passing phase and that Linux vulnerability couldn’t possibly be on the same level as Windows.
It isn’t… yet.
Within the realm of enterprise business, Linux and open source have become the foundation for which everything is built. That means only one thing: Hackers are going to hack. Linux will be their target for the foreseeable future–there is no getting around that.
The truth is, Linux and open source were already standing on that precipice for some time and 2020 only served to tip it over the edge.
All is not lost
For all this doom and gloom speak, there is hope. After all, this is Linux and open source. The silver lining is that the very nature of open source means the code is available for a world of engineers to vet. With this growing rise of attacks on Linux, you can bet those developers will take heed the shot sent across the bow of the USS Open Source.
Linux and open source have some of the best developers in the world. Those vulnerabilities will be found and patched faster than you can say “proprietary.”
If 2020 has taught us a lesson, it’s to never take anything for granted, even the security of Linux and open source. Let’s take that lesson into the future and develop stronger software and build even more secure systems.
Besides, there’s only a month and a half left in 2020. What more can happen?
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.