VMware Confirms Source Code Leak
Gunkerty Jeb writes "Purloined data and documents, including source code belonging to the U.S. software firm VMware, continue to bubble up from the networks of a variety of compromised Chinese firms, according to 'Hardcore Charlie,' an anonymous hacker who has claimed responsibility for the hacks. In a statement on the VMware Web site, Ian Mulholland, Director of VMware's Security Response Center, said the company acknowledged that a source code file for its ESX product had been leaked online. In a phone interview, Mulholland told Threatpost the company was monitoring the situation and conducting an investigation into the incident."
Re:Wait, Vmware code stolen from China Military (Score:5, Informative)
VMware routinely shares its source code with major customers, particularly those that need it to add support for new hardware. There's no reason to believe that there aren't companies in China who need it for those purposes too.
Re:Wait, Vmware code stolen from China Military (Score:5, Informative)
It's very common with government contracts for the vendor to supply the source code for an audit. If the vendor won't supply the source code they don't get the contract, because other vendors will be happy to do this. It even happens with a lot of DoD contracts. I'm sure it happens in other parts of the US Government as well.
Ahh here comes the cloud hack! (Score:1, Informative)
I am waiting for my "I told you so!" moment.
Chinese contractors, non-US citizen contractors. Yes yes the cheapest bidders! As long as everyone is making their 10% on their stocks everyone is happy right?
Re:Wait, Vmware code stolen from China Military (Score:5, Informative)
Who modded this informative?
VMware has mostly proprietary products. What little open source they have is there only because they are forced to by their use of Linux in ESX.
All of their core products are completely closed source, and released as binary only.
They are about as open source as Microsoft.
Re:Wait, Vmware code stolen from China Military (Score:5, Informative)
Close enough to be accurate, but they do have some incidental open source content that isn't related at all to Linux kernel or userland. For example, their multiboot boot loader is open source and multiboot module boot has zero applicability to a Linux system. But still none of the 'meat' of their products is open source, just things like administrative utilities and boot loader and other necessary fluff that provides no value for VMware.
Shouldn't matter in theory (Score:5, Informative)
No matter how well you understand how a piece of software is implemented, it shouldn't expose any sort of vulnerability. If VMware legitimately has cause for concern, they were doing it wrong from the start.
While they have probably had viable reason to keep it closed (ESXi did enjoy a pretty secure technical advantage), it's probably approaching time for them to open source the hypervisor since there is now pretty viable competition from KVM and Xen nowadays. They currently are trying to hold their core technology capabilities hostage to force upsell into their management stack (e.g. the many features that are disabled except through vCenter that aren't really inherently requiring vCenter), but that strategy doesn't work when the prospective customers can jump ship pretty easily to less restrictive technologies.
Re:Wait, Vmware code stolen from China Military (Score:4, Informative)
They gave it when asked.
Proactively Shared:
They anticipated the request, and so shared before being asked.
Those are distinct and non-interchangeable meanings. There is no simpler word that has that exact meaning.