"Security holes are not uncommon in the software industry. But a
recent vulnerability discovered in a Red Hat (RHAT) Linux product
has refueled the debate over the security of open-source

"Internet Security Systems' research division discovered in
mid-April that Piranha, a collection of utilities used to
administer the Linux Virtual Server in the latest version of Red
Hat Linux, ships with a default password. If the password is not
reset, a malicious hacker could use it to make changes to Web pages
on the server and possibly bootstrap to other servers on the
network that might have vulnerabilities, says Chris Rouland,
director of the ISS research division that calls itself the

"ISS has since helped Red Hat fix the problem. The default
password was 'simply overlooked in quality assurance and not
removed,' Rouland says, adding that such oversights illustrate a
flaw in the security model of open-source software, in which many
independent developers adapt and add to the product's code."

"'There's limited quality assurance in the open-source
environment,' says Rouland, 'because open-source software is
basically a bunch of peoples' hobby.'"