It’s been more than a month since Elon Musk announced his intention to open source Twitter’s algorithm to increase the transparency of the platform’s use of artificial intelligence (AI) and machine learning (ML) to promote or demote posts.
The decision has sparked a lively debate on all sides, including in the security industry, where experts are divided over whether open-sourcing the algorithm will be a clear positive for security.
According to critics, Musk’s idea of open-sourcing Twitter could expose vulnerabilities on the level of Log4Shell and Spring4Shell. For supporters, however, the decision could also increase the security of the platform.
The bad: Attackers may have a chance to find entry points
One of the biggest security risks of making the code open source is that it gives threat actors the opportunity to analyze it for security vulnerabilities.
“Open[ing] Twitter’s recommendation algorithms is a two-edged sword. A closer look at the code may promote better security, but it also opens the door for malicious researchers to gain insights they don’t normally have,” said Mike Parkin, senior technical engineer at Vulcan Cyber.
As a cyber risk management expert, Parkin suggests that opening up the recommendation algorithm could enable wider dissemination of “inaccurate information” on the platform as interested parties learn to tamper with it and sidestep intermediary checks and balances, while giving users multiple platform versions to patch.
The good: Increasing transparency to minimize vulnerabilities
On the other side of the debate, other analysts and security experts argue that increasing transparency on the platform is positive, as it gives the platform’s user base a chance to play a role in vulnerability management.
Instead of relying on a small team of researchers to manage vulnerabilities, Twitter could, by opening up the code, potentially get support from thousands of users, which could help improve the platform’s security and integrity.
“When looking for vulnerabilities in software, access to the source code corresponds to a doctor having access to an MRI when diagnosing a disease. The ‘inside-out’ view will always be more useful and complete than just the view from the outside,” said Casey Ellis, founder and CTO of Bugcrowd. “We’ve always seen this in crowdsourced security testing, and the security benefit for Twitter will be a more thorough response from the crowd around the issues that need to be fixed.”
Ellis adds that while this gives attackers an opportunity to identify vulnerabilities, whether the security impact is positive or negative will come down to Twitter’s ability to ingest vulnerability information and correct vulnerabilities before they are exploited.
How enterprises can help reduce risks
While it is unclear what effect open-sourcing the algorithm will have, there are some simple steps that organizations can take to help reduce the risks.
Tim Mackey, chief security strategist at Synopsys Software Integrity Group, believes open-source governance programs can help address risks more effectively.
“Businesses can mitigate some of these risks by identifying which open-source components are powering Twitter’s open-source technologies and then implementing open-source governance programs for them,” Mackey said. “Such a program would actively monitor for new vulnerability disclosures for these components, and enable businesses to respond quickly to a change in risk. This is similar to the proactive model that some businesses use to reduce their exposure to Log4Shell vulnerabilities.”
Mackey recommends that enterprises implement an open-source governance program for the open-source components that power Twitter’s technologies, actively monitoring for new vulnerability disclosures so that security teams are ready to address them.