Avoiding Open Source Development Mistakes with Test Management

Learn more about how you can use test management solutions and testing metrics to streamline the QA process and ensure open source standards.

By Sanjay Zalavadia · Aug. 24, 15 · Opinion

The open source GnuTLS cryptographic library is in the news again for a security flaw that could put many Linux distribution users at risk from attack. The issue comes just a few months after the Heartbleed flaw in OpenSSL enabled the surveillance and theft of server transmissions. It is also the second major setback for GnuTLS this year, following an SSL/TLS bypass exploit discovered in early March.

Open source software development has unique risks. Many developers, covering a full range of skill levels, contribute to projects, but there is often minimal incentive, financially or otherwise, to constantly vet code for security risks. Issues are often discovered after the fact. Enterprises can avoid a similar situation by using a commercial test management solution and testing metrics to streamline quality assurance processes and ensure efficient collaboration.

GnuTLS Bug Can Mess Up HTTPS Requests

The new GnuTLS bug was discovered in late May and has already been patched. However, due to the hundreds of distributions that rely on it and the respective ways in which they implement it, it may take time for the fix to make the rounds and the issue to subside.

On a technical level, the flaw enables delivery of malicious data during establishment of HTTPS connections, which could then result in arbitrary execution of code. Overall, users of unpatched GnuTLS implementations could be vulnerable to drive-by attacks that would give off no signs, other than possibly a crash, that a hijacking was under way.

"A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake," stated a post on Red Hat Bug Tracker. "A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or possibly execute arbitrary code."
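The bounds check that the Red Hat description turns on, as an added example (not GnuTLS code and not from the original article): a ServerHello session-ID parser that rejects a length byte above the 32-byte protocol maximum before copying into a fixed buffer. The field layout follows TLS 1.2 and earlier; all function and constant names are hypothetical, and the input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32        /* upper bound set by the TLS spec */
#define SH_PREFIX (2 + 32)           /* server_version + random */
#define SH_SUFFIX (2 + 1)            /* cipher_suite + compression_method */

enum { SH_OK = 0, SH_TRUNCATED = -1, SH_SID_TOO_LONG = -2 };

/* Copy the session ID out of a ServerHello body into a 32-byte buffer. */
int parse_session_id(const uint8_t *body, size_t body_len,
                     uint8_t out[TLS_MAX_SESSION_ID], size_t *out_len)
{
    if (body_len < SH_PREFIX + 1)
        return SH_TRUNCATED;              /* no room for the length byte */
    size_t sid_len = body[SH_PREFIX];     /* peer-controlled, 0..255 */
    if (sid_len > TLS_MAX_SESSION_ID)
        return SH_SID_TOO_LONG;           /* copying would overflow out[] */
    if (body_len - (SH_PREFIX + 1) < sid_len + SH_SUFFIX)
        return SH_TRUNCATED;              /* declared length exceeds data */
    memcpy(out, body + SH_PREFIX + 1, sid_len);
    *out_len = sid_len;
    return SH_OK;
}

/* Constructed input: the length byte says `declared`, while `present`
 * session-ID bytes actually follow. Returns the parsed length or an error. */
int parse_constructed(uint8_t declared, size_t present)
{
    uint8_t body[SH_PREFIX + 1 + 255 + SH_SUFFIX] = {0};
    uint8_t sid[TLS_MAX_SESSION_ID];
    size_t n = 0;
    if (present > 255)
        return SH_TRUNCATED;
    body[0] = 0x03; body[1] = 0x03;       /* TLS 1.2 version bytes */
    body[SH_PREFIX] = declared;
    memset(body + SH_PREFIX + 1, 0xAA, present);
    int rc = parse_session_id(body, SH_PREFIX + 1 + present + SH_SUFFIX, sid, &n);
    return rc == SH_OK ? (int)n : rc;
}

int main(void)
{
    printf("32-byte id:        %d\n", parse_constructed(32, 32));
    printf("200-byte id:       %d\n", parse_constructed(200, 200));
    printf("truncated message: %d\n", parse_constructed(32, 10));
    return 0;
}
```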

It is unknown whether the bug has been in GnuTLS for some time or was introduced only recently. The GnuTLS vulnerability that was brought to light last March may have been present for almost nine years, underscoring the potential for major flaws to go undetected even in large-scale open source projects. That one enabled makers of counterfeit certificates to get GnuTLS to deem them legitimate.

Beyond GnuTLS and Heartbleed, the creators of open source TrueCrypt recently posted a warning that their library was no longer secure. Major projects such as Network Time Protocol, OpenSSL and OpenSSH, while vital to general Internet security, have historically been underfunded, creating risks of issues going unaddressed due to constraints on time and finances. Both Network Time Protocol and OpenSSL have been subject to targeted exploitation this year. It is instances like these that bolster the argument that having a commercial testing system and testing metrics is inevitable.

Continuous collaboration is indeed vital to the well-being of the product development and software testing industry, which is why it needs solid technical and procedural underpinnings. It is important to note that only a robust test management system that facilitates easy reuse of scenarios, as well as integration with a wide range of tools via APIs, makes coordination of projects highly efficient.
