A security vulnerability in open source software sometimes goes undetected for more than four years. This is one of the key findings of the latest State of the Octoverse report from GitHub, the development hosting and management platform.
However, this is not quite the case: with advances in technology, and with many large companies and developers having joined the open source ecosystem in recent years, development has accelerated, as has the creation of testing tools and vulnerability detection.
Even so, it remains true that insufficient funding (which leads to a shortage of human resources) is most often the obstacle to researching and detecting these vulnerabilities.
Heartbleed, for example, is a software vulnerability that has been present in the OpenSSL cryptographic library since March 2012. It allows an attacker to read the memory of a server or client to recover information used when communicating over the Transport Layer Security (TLS) protocol. The flaw, which affects many Internet services, was not discovered until March 2014 and was disclosed in April 2014. That left a two-year window for attackers to target thousands of servers.
The vulnerability in question ended up in the OpenSSL repository by mistake, following a proposal from a volunteer contributor to fix bugs and improve features.
Flaws of this type (introduced by mistake) account for 83% of those detected in open source projects hosted on GitHub. However, the latest State of the Octoverse report states that 17% are vulnerabilities deliberately introduced by third parties.
These figures should be read alongside a recent RiskSense report, which stresses that vulnerabilities in open source are steadily growing. IT projects are increasingly built on open source, which explains attackers' growing interest in the field.
A vulnerability can damage your project and cause serious security problems. However, most vulnerabilities are due to bugs, not malicious attacks.
By relying on open source whenever you can, your team benefits from all the fixes the community has found and made. Time to remediation is an important factor for all DevOps teams.
The open source funding model is one of the factors that may explain why software vulnerabilities go unnoticed for such significant periods. The Core Infrastructure Initiative (CII) is one of the few projects designed to fund and support free and open source software projects that are critical to the functioning of the Internet and other major information systems.
Most projects on GitHub rely on open source software. This analysis covers public repositories with at least one contribution per month between 10.1.2019 and 30.09.2020.
The CII was announced following the severe Heartbleed vulnerability in OpenSSL, which is used by millions of websites. The problem: the CII depends on contributions from prominent players in the commercial software world. Facebook, VMware, Microsoft, Comcast, and Oracle (to name just these companies) fund the Linux Foundation, and therefore projects such as the Core Infrastructure Initiative (CII).
This gives them seats on various decision-making boards and therefore some control over what happens in the open source space. Bryan Lunduke, a former openSUSE Board member, has discussed this situation at length.
The immediate consequence is that the open source projects that benefit from funding are those on which core infrastructure depends.
Finally, if you are interested in learning more, you can consult the following website, where the compiled reports are available.