Some veddy interesting news on the cybersecurity front has reared its ugly head the last couple days.
First, VMware confirmed via CRN yesterday that proprietary source code from its ESX server hypervisor (server virtualization software) had been posted online, but in a blog post about the incident, the director of VMware’s Security Response Center said the posted code was created sometime in 2003 and 2004.
That raises questions as to relevance, according to CRN, with VMware explaining that “the fact that it has been made public does not necessarily put VMware customers at risk.”
Yet given the large number of providers that run vSphere, it could have “a broad and widespread impact.”
Here’s the blog post from VMware — for those potentially impacted, one to keep an eye on.
This just as the Obama Administration comes out against the current House cybersecurity bill entitled the “Cyber Intelligence Sharing and Protection Act,” or “CISPA,” a law proposed last November by U.S. Rep. Michael Rogers (R-MI) and 111 co-sponsors that would allow the voluntary sharing of attack and threat information between the U.S. Government and security cleared technology and manufacturing companies to try and ensure the security of networks against patterns of attack.
CISPA was reported out of committee on December 1, 2011, but has yet to be debated or brought to a vote.
The Electronic Frontier Foundation has also come out against the bill, concerned that the bill’s broad warnings would leave little protection for individual consumers and not provide effective judicial oversight for the types of monitoring the bill would allow.
If, in the meantime, you’re looking for some industry thought leadership on the topic of security, IBM’s own Marc Van Zadelhoff, the director of strategy for IBM’s still relatively new Security Solutions Division, look no further than this podcast interview (MP3, 17:45 minutes, 10.2 MB) where Marc provides extensive insight into IBM’s approach to security intelligence and compliance. You can also read a transcript here. (36.4KB, PDF)