About the Log4j security breach and Caldera’s use of open-source technologies
December 21, 2021
On December 9, 2021, a vulnerability was reported for systems running Apache Log4j version 2.14.1 or below: CVE-2021-44228, dubbed “Log4Shell”. We wish to assure all our customers and partners that Caldera solutions do not use Log4j, either in our own code or in any third-party code, so we are not affected by this vulnerability. However, we wanted to take the opportunity to discuss the use of open-source technologies in our solutions, and how we work to improve the security of our users.
What is open-source software?
The open-source model is a decentralized software development model built on open collaboration, which drives innovation and improvement. Open source means that the source code is openly available in readable form, and that any user can modify it to fit their requirements. There are many benefits to open source, including lower software costs, abundant support from the community, the ability to scale and consolidate, and many more.
However, it is important to keep in mind that open-source software is not necessarily free of charge, nor necessarily compatible with every operating system. In the definition of open-source software, “free” refers to the freedom given to those who use it.
Open-source technologies are used and improved over time by a large community, which is why most vulnerabilities are detected and fixed quickly, for the benefit of all. For example, the above-mentioned Apache Log4j is an open-source logging library used in millions of Java projects, including a substantial percentage of enterprise applications and cloud services.
To summarize, open source is guided by a spirit of collaboration, and companies benefiting from open-source technologies should also give back to the community.
Caldera and the use of open-source technologies
Caldera does not rely on the Java language, so we are not affected by the Log4Shell vulnerability. However, we rely on other open-source technologies to provide the best possible experience for our users, and we contribute to the open-source community in return.
Arnaud Fabre, Product Manager at Caldera, says: “Using quality programs that have already been developed, tested, and backed by the community or third-party companies allows us to focus on innovating, and adding value to our systems. For example, we rely on Artifex’s Ghostscript PDF/PS engine, which is a way to pay dedicated developers working on an open-source project.”
He continues: “Within the Caldera team, we have several Linux and open-source experts who regularly contribute to the community online. We actively encourage them to have contracts with local universities to train the developers and open-source contributors of tomorrow. Moreover, by developing software for Linux, we impact our community in using open-source technologies themselves. And finally, we invest in several open-source technologies such as GitLab to improve our internal processes at Caldera.”
How does Caldera work to improve your security?
Caldera is committed to providing products and services that meet your production needs, both in terms of efficiency and security requirements.
Some examples of security features:
- Support for reliable platforms (Linux and macOS) to minimize risks
- The ability to lock usage for administrators (root or sudo users)
- The ability to lock local usage (password-protected on EasyMedia)
Moreover, our support and maintenance plan, CalderaCare, helps our users stay current with the latest updates and improvements, so that you can produce with peace of mind. Learn more about CalderaCare.