Aggregator

LGPL 授权代码用 AI 重写后改用 MIT 授权

Solidot
3 weeks 6 days ago
重新授权开源项目的许可协议在开源领域是非常困难的,因为这通常需要所有曾贡献过一行代码的人一致同意,这对历史悠久的项目而言是几乎不可能完成的任务。Python 字符编码检测器项目 chardet 移植自用 C++ 开发的 Mozilla 项目,采用了与原项目相同的 LGPL 许可证,LGPL 许可对商业使用不是太友好。维护者最近在 Claude Code 的帮助下重写了库发布了 v7.0.0 版本,将许可协议从 LGPL 更改为 MIT。项目原作者 a2mark 认为此举构成了潜在的 GPL 违反,因为开发者已经接触过原代码,并非是净室实现,因此完全重写代码的说法是没有意义的。

Pear

Dark Feed IO
3 weeks 6 days ago

You must login to view this content

cohenido

CVE-2026-2330 | SICK Lector85x/Lector83x up to 2.7.x CROWN REST Interface file access

VulDB Recent Entries
3 weeks 6 days ago
A vulnerability, which was classified as critical, was found in SICK Lector85x and Lector83x up to 2.7.x. This affects an unknown part of the component CROWN REST Interface. The manipulation results in files or directories accessible. This vulnerability was named CVE-2026-2330. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.
vuldb.com

The MSP Guide to Using AI-Powered Risk Management to Scale Cybersecurity

The Hackers News
3 weeks 6 days ago
Scaling cybersecurity services as an MSP or MSSP requires technical expertise and a business model that delivers measurable value at scale. Risk-based cybersecurity is the foundation of that model. When done right, it builds client trust, increases upsell opportunities, and drives recurring revenue. But to deliver this consistently and efficiently, you need the right technology and processes.
The Hacker News

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

The Hackers News
3 weeks 6 days ago
New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to a state-sponsored hacking group called MuddyWater (aka Seedworm). It's affiliated with the Iranian
The Hacker News

Hexnode IdP brings device-aware authentication and zero trust to enterprise access

Help Net Security
3 weeks 6 days ago

Hexnode has announced the launch of Hexnode IdP. By introducing this native identity layer, Hexnode delivers enterprise-grade authentication and identity management within a single, unified framework. While debuting as a dedicated Identity Provider (IdP), the solution marks a significant expansion of the Hexnode ecosystem, acting as a comprehensive identity engine that integrates directly into the Hexnode UEM fabric. This integration enables organizations to leverage Hexnode’s proprietary Device Trust Engine to enforce context-aware policies based on … More →

The post Hexnode IdP brings device-aware authentication and zero trust to enterprise access appeared first on Help Net Security.

Industry News

观点 | 汽车数据出境新规实施面临的挑战与应对策略

中国信息安全
3 weeks 6 days ago
2月3日,工业和信息化部等八部门联合发布《汽车数据出境安全指引(2026版)》,标志着我国在智能网联汽车数据跨境流动治理方面迈出关键一步。这项新规既是对数据安全法、个人信息保护法等法律的行业化落地,也是应对汽车产业全球化与数据安全挑战的重要方式。

Managed ad