
After Equifax Breach, Companies Advised to Review Open-Source Software Code - rhapsodic
https://blogs.wsj.com/riskandcompliance/2017/09/19/after-equifax-breach-companies-advised-to-review-open-source-software-code/
======
iamNumber4
Companies should also review their passwords to make sure there's not something
dumb like username: admin password: admin.

It's also a good idea to review your staff to make sure your chief security
officer has a degree in security or related computer science degree.

The breach was because of a weak password, which allowed the criminals to get
a foothold to gather more information, then from the overseas servers secured
by admin:admin get access to the US servers because the server URLs and
passwords, keys, etc. were stored in portals accessible by the servers
outside the U.S.

Also don't create the equivalent of a virtual post-it note under the keyboard
by storing private keys, user names, and passwords in accessible online
systems. Private means private/secured, not on the Internet.

So... yes, review the code, which you can because you have access to the
source code, because it is open source. Also dump any proprietary software you
don't have the source code for, because you can't audit the code.

