The rise of bug bounties in recent years has created an incentive for hackers to hunt for vulnerabilities in a lot of software and services. But what about those software projects that can’t pay bounties, because they are developed by volunteers?
Thankfully, some researchers are devoting their time to such projects and to helping them find vulnerabilities before those with malign intents abuse them.
Today, we publish a
paper
(also available as
PDF
) by Andreas Lindh, a security researcher for
Recurity Labs
, who found a remote code execution vulnerability in
Apache OpenMeetings
, an open source software project for various kinds of collaborations.
Andreas disclosed the vulnerability responsibly to the
OpenMeetings
developers, who swiftly patched the flaw, before the research was published. Hopefully others will learn from the mistakes made.
This article was previously published on
Andreas’s blog
, where he has also published other responsibly disclosed vulnerabilities in
open source projects
, including one in
Apache Jetspeed
earlier this month
.
Leave a Reply