Tag Archives: legal

A Note about Third-Party Components in ArcaOS

You may be aware of the recent massive Equifax security breach and the Company’s explanation surrounding a vulnerability in Apache Struts (CVE-2017-5638) disclosed by US CERT in early March 2017. Some reports have implied that the company has somehow blamed Apache Software Foundation for the breach, specifically by not moving quickly enough to address the security flaw. Apache has responded to these allegations clearly and concisely. In light of this incident, we thought this a good opportunity to help provide some clarity concerning third-party work and open source components, in general, as they pertain to ArcaOS and Arca Noae’s position regarding their fitness for use, and who is ultimately responsible to maintain his or her or, in the case of enterprise use, its own systems.

Arca Noae includes several components in ArcaOS developed by reputable third parties, including IBM, Apple, and others. Some of these components are open source, as well, meaning that the code for compiling these components into machine-readable form is freely available to the public. Open source software is often more secure than proprietary software, by nature of the fact that many (sometimes thousands) of developers around the world contribute to the code. This (often massive) group effort allows such projects to react quickly when flaws are discovered, and to work to constantly monitor and maintain the software. However, whether proprietary or open source, Arca Noae may have no control whatsoever over these components, inherent flaws, or as-yet-undisclosed security issues.

It is Arca Noae’s position that each ArcaOS licensee (whether an individual or an enterprise) bears the sole responsibility to consider his or her or its own interests and security. While we do what is within the realm of reasonable possibility to stay abreast of current trends and vulnerability disclosures (CVEs), we cannot guarantee that all issues will be identified and/or reported to our users by us. Thus, best practices dictate that each user remain vigilant and aware of the connected ecosystem in which we live and to take steps to mitigate his or her or its own risks.

Arca Noae welcomes reports from our users of disclosed and non-disclosed vulnerabilities. While we normally encourage our users to avail themselves of our Mantis ticketing system to report issues, those of a sensitive nature (such as an as-yet-undisclosed or little-known security flaw in a bundled component) should be reported through our contact page.

We would also like to take this opportunity to remind all of our ArcaOS licensees that ArcaOS does not utilize telemetry of any kind to communicate with us. We firmly believe that when a user licenses a copy of ArcaOS, his or her or its data should remain on the system as directed by the user, shared only by the user, and with the user’s full knowledge and consent.

The next exciting update to ArcaOS 5.0 is in the making, too. Watch the Arca Noae blog for a release announcement in the coming weeks.

Arca Noae and Serenity Systems International

For immediate release:

Leesburg, Virginia, USA

Arca Noae, LLC, a Delware-based Limited Liability Company, is pleased to announce the acquisition of the remaining assets of Serenity Systems International, including its domain name. The site is now hosted on the same servers hosting arcanoae.com, the Company history on the About page has been updated, and the links on the main page have also been modified to be more relevant.

We are happy to continue Serenity Systems’ tradition of providing value to OS/2 and eComStation users, whether they be individuals or businesses, and we look forward to welcoming Serenity Systems’ customers to our subscription services.

End of press release.

Privacy Policy Update

In response to visitor feedback, we have clarified the portion of our Privacy Policy concerning use of Google technologies.

To summarize, while we have not knowingly enabled any Google technologies on our site, such technologies may be enabled by third-party components which we employ and of which we may be unaware. If we do choose to employ any such technologies, or if we become aware of a third-party component which utilizes them, we will take reasonable steps to provide advance notification.

We invite you to revisit our Privacy Policy and provide us with your comments.

Privacy & Acceptable Use Policies

We at Arca Noae are firm believers in protecting your data while accessing any of our hosted services. This is especially true of your online shopping experience. You should know that we employ up-to-date builds of software technologies designed to keep your information secure while visiting us. We invite you to read our Privacy Policy and our Acceptable Use Policy, and know that we stand behind our words.