VMware plays down risk of source code leak

Virtualisation giant VMware has confirmed that part of the source code for its ESX hypervisor has been leaked online, but insists it poses little risk to its customers.

The leak consists of a single file from the VMware ESX source code and is understood to have been posted on text sharing website Pastebin by known hacktivist Hardcore Charlie on 8 April.

In a post on the software vendor's website, Iain Mulholland, director of VMware's security response centre, said the code could date back to 2003 or 2004.

He also revealed that the firm became aware of the leak several days ago and acknowledged that more code could be leaked in future.

"The fact the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," said Mulholland.

"We take customer security seriously and have engaged internal and external resources, including our VMware security response centre to thoroughly investigate," he added.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.