Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
blog comments powered by Disqus
virtualization.info Newest articles
July 19th, 2016
Yesterday IBM announced its results for Q2 2016.
If we compare with the same quarter in 2015 earnings per share, from continuing operations, decreased 22%. Net income, from continuing operations,…
June 24th, 2016
Red Hat announced its financial results for the first quarter of fiscal year 2017.
Total revenue for the first quarter was $568 million, with an increase of 18% from the…
June 24th, 2016
Today Red Hat released in beta version 4.0 of its KVM-based virtualization platform Red Hat Enterprise Virtualization (RHEV).
As a major release RHEV 4.0 ships a wide series of enhancements including:
June 21st, 2016
virtualization.info has been following WhatMatrix since its inception and, after 6 months since the website has been launched, we are happy to report that its community is growing and contributing…
June 21st, 2016
DockerCon 2016 began yesterday in Seattle with a number of announcements from Docker and key partners.
Here is a quick summary of the day:
Docker 1.12 with built-in orchestration: starting…
June 14th, 2016
Yesterday, Bellevue (WA) based company WinDocks, released a free edition of its homonymous port of the Docker daemon to Windows called WinDocks Community Edition.
The company, founded by a small…
May 12th, 2016
Containers’ security is one of the emerging topics in those companies moving this technology into production. A few small players emerged to compete exclusively in this portion of the…
May 3rd, 2016
RightScale is a Santa Barbara, CA based company, provider of a Software as a Service (SaaS) management solution that so far only supported standard Infrastructure as a Service (IaaS) cloud…
April 5th, 2016
Yesterday, Bellevue (WA) based company WinDocks, released version 1.0 of its homonymous Docker engine for Windows.
The company, founded by a small group of former Microsoft’s employees, rides Docker’s…
March 17th, 2016
LANDesk Software, founded in 1985 and headquartered in Salt Lake City, Utah , provides systems management, security management, service management, asset management and process management solutions with a strong focus…
March 15th, 2016
Last week open source giant Red Hat announced the availability of version 3.6 of its KVM-based virtualization platform Red Hat Enterprise Virtualization (RHEV).
While this new release provides the expected…
March 4th, 2016
Yesterday Docker announced to have acquired a semi-stealth startup called Conductant, focused on workloads orchestration.
Both Conductant’s founders, Bill Farner and David Chung, have significant enterprise experience coming from…
March 1st, 2016
Today Cisco announced the intent to acquire CliQr Technologies Inc., a privately held company based in San Jose, CA.
CliQr is one of the most promising startups in the Cloud…
February 11th, 2016
Yesterday VMware announced version 7 of both its vCloud and vRealize suites, confirming its efforts to be relevant in the CMPs (Cloud Management Platforms) space.
vRealize Suite 7 is made…