Developer – Formes http://formes.asia/

Bitcraft Developer Unwilling To Trade Fun Game For NFT Profits, Though “Bit” Is In The MMORPG’s Name
https://formes.asia/bitcraft-developer-unwilling-to-trade-fun-game-for-nft-profits-though-bit-is-in-the-mmorpgs-name/
Mon, 27 Jun 2022 17:52:44 +0000

If you’re a gamer – or anyone who hangs out on the internet, at this point – you’re certainly aware of cryptocurrency and NFTs. This is especially true lately, as developer after developer tosses around the idea of jumping on the NFT bandwagon or actually gets on with it, despite the opinions of their players.

Sometimes players even assume that a newer game will launch with some sort of crypto/NFT system based on things like the name of the game. One such case is Bitcraft, the community sandbox game from Clockwork Labs. (The entire sandbox probably gave the idea credence, too.) But, it turns out the developer isn’t interested in joining other companies in their NFT frenzy. In fact, one of the game’s co-founders wrote quite a lengthy article on NFTs and crypto, taking the time to not only explain what they are – because there’s still a lot of confusion about it – but also what they really feed on and why it’s not great for games.

We’ve had a lot of “simplified” explanations of how crypto works and what it really is, but this article spells it out in a way that should make sense to everyone. For one, it dispenses with sarcasm and gets back to basics – those basics being that crypto and NFTs are a very specific type of spreadsheet with very defined rules. People who own crypto or NFTs really only own one row on this spreadsheet. There are a few differences between the two, but that’s really it. You own a row in a spreadsheet.

The other thing Clockwork wants people to understand is that these two things really work on the fear of missing out. Either you’re an individual who’s afraid of missing out on a chance to get rich, or you’re a game developer who’s afraid of missing out on that supposed audience that will – too – make you rich. The problem is that it manipulates people. The problem with that in the world of game development is that it changes games from something that should be fun to something that’s a bit stressful… less “game” and more speculation. Bitcraft developers watched other companies do this and spotted a pattern.

The developers announce that they are creating an NFT game. The players protest. The developers ignore the players and do it anyway. People who don’t really play games get in and do all the NFT stuff. The players do not actually play the game. The developers decide that the game needs more NFTs to attract players, and the game suffocates.

The good news for potential Bitcraft fans is that the developers see this pattern and see that its results go against their real goals. They want a game that will last a long time (and be fun) rather than what they get when you make a game that revolves around NFT speculation. So if you’ve been watching Bitcraft but are suspicious, you can relax a bit.

If you’re still worried, I suggest you read Clockwork’s full post on Medium. It is an interesting read.

Pokémon Go developer Niantic says it’s better at spotting cheaters and is ‘stepping up’ the app
https://formes.asia/pokemon-go-developer-niantic-says-its-better-at-spotting-cheaters-and-is-stepping-up-the-app/
Sat, 25 Jun 2022 17:02:18 +0000

Pokémon Go developer Niantic has outlined its plans to tackle cheating in the popular augmented reality mobile game.

In an update posted on the company’s official blog (thanks, NME), Niantic said it is “continually work[ing] to facilitate a fun and fair environment” and “[felt players’] frustration with how cheating behaviors affected them”.

Its last article on cheating – posted last year – was “mostly focused on sharing broad insight” on the topic, but since then Niantic says it’s “getting better” at spotting cheaters.

“[W]e have invested in better observing cheating behavior and can now more reliably identify such activity with increased speed and accuracy, preventing legitimate players from being improperly punished,” the post reads.

“As a result, we will be ramping up the enforcement of these behaviors in our games and rolling out our enhanced anti-cheat approach. We are now starting to take action against a number of accounts that we believe are in violation of our Terms of Service or player guidelines during recent in-game events in Pokémon Go.”

The team says it is committed to improving processes to “ensure they stay ahead of any new behavior that allows players to unfairly exploit the rules of the game” and affirms that this is just the first step in implementing new cheat detection and enforcement systems.

That said, it reminded players to only download official versions of the game from app stores and said it could not support jailbroken or rooted devices.

ICYMI, Niantic recently said it has no plans to remove the option to fight in remote raids – a popular mechanic introduced in response to Covid lockdowns.

Some fans were concerned that the concept would be scrapped – like other pandemic-era bonuses and gameplay have already been – especially since Niantic recently announced a new variety of in-person-only raids, which will debut this weekend for the game’s next Community Day.

Grand jury does not indict Dallas developer Bill Hutchinson for sexual assault
https://formes.asia/grand-jury-does-not-indict-dallas-developer-bill-hutchinson-for-sexual-assault/
Thu, 23 Jun 2022 16:25:52 +0000

A Dallas County grand jury declined to indict real estate developer William Lewald “Bill” Hutchinson after he was charged last year with sexually assaulting a teenage girl at his Highland Park home.

The grand jury made its decision not to indict Hutchinson on sexual assault charges Wednesday, according to Dan Hagood, one of the attorneys representing Hutchinson. Hagood provided a copy of the grand jury’s no-bill.

Grand jury deliberations are confidential, so the reasons for the no-bill are not known to the public.

Hutchinson still faces charges in California involving the same teenager and another girl, as well as multiple lawsuits alleging sexual misconduct.

Levi McCathern, another attorney for Hutchinson, said the lack of an indictment was vindication for his client.

“[Authorities and the grand jury] took the allegations against Mr. Hutchinson seriously, investigated them thoroughly and ultimately established what I have always known – Bill Hutchinson is innocent and the charges against him are false,” McCathern said in a written statement.

Hutchinson, 64, was arrested in Highland Park in July 2021 after a 17-year-old laid sexual assault charges a month earlier.

According to an affidavit for his arrest, the girl said Hutchinson invited her and other minors to his home and let them drink alcohol and smoke marijuana. The girl said he touched her inappropriately in May and on one occasion she fell asleep drunk and woke up to him sexually assaulting her, police wrote in the affidavit.

Shortly after his arrest in Highland Park, authorities in Orange County, California filed one count of rape and five misdemeanor counts of sexual assault against Hutchinson in connection with allegations involving the 17-year-old and another teenager. He pleaded not guilty and was released on $100,000 bond.

The 17-year-old’s family sued Hutchinson shortly after his arrest. In a separate lawsuit in Dallas County, three women claim he sexually assaulted them. He does not face criminal charges related to the charges in the Dallas County lawsuit.

Hutchinson founded the real estate firm Dunhill Partners and partnered with Richard Branson to develop Virgin Hotels Dallas. He appeared with his much younger fiancée in both seasons of the Lifetime reality series Marry Millions.

Writer Krista Torralva contributed to this report.

New $11M Ebiara Fund Will Help Detroit’s Black and Brown Developers Scale
https://formes.asia/new-11m-ebiara-fund-will-help-detroits-black-and-brown-developers-scale/
Tue, 21 Jun 2022 14:02:27 +0000

Kresge-backed fund designed to remove systemic barriers for Detroit’s minority real estate developers

Ebiara, a new fund to provide capital and start-up process assistance so minority-owned development companies can increase their impact on Detroit’s growing economy, was announced today by Economic Growth nonprofit Invest Detroit in partnership with consulting firm URGE Imprint and funding from The Kresge Foundation.

Detroit’s emerging developers, especially minorities, find it difficult to access capital to create scalable real estate development companies, resulting in developers only seeking project funding. A lending fund with global backing, Ebiara seeks to fill this gap by helping Black and Brown-owned development companies improve their operational capacity, build a deal pipeline and find the best talent available.

“Ebiara exists to help address the challenges minority developers face growing their businesses, from accessing capital to securing talent and resources,” said Roderick Hardamon, CEO and Chief Strategist of URGE Imprint. “Ebiara wants to be a partner for real estate development companies that want to expand their impact in Detroit. As the ecosystem has evolved to lower the barrier of entry into real estate development, more work is needed to crack the code on the market. scalability.”

Behind a $10 million investment linked to Kresge’s social investment practice program, the $11 million Ebiara fund relies on three main support tools: a low-cost alternative to equity to act as seed capital for the developer, coaching and technical assistance to help navigate city processes and ensure project completion, and access to assets. During its first two-year pilot phase, Ebiara intends to work with approximately 10 developers and support $100-200 million in new development activity.

“Ebiara is an extension of Invest Detroit’s commitment to ensuring equitable opportunities in the growing Detroit economy,” said Keona Cowan, executive vice president of lending at Invest Detroit. “It helps leverage other existing Invest Detroit programs and neighborhood efforts while creating growth paths for committed and representative Detroit-based development companies.”

While similar programs exist in other markets, Ebiara is unique to Detroit, offers a lower cost of capital, and is more open to early-stage businesses.

“Minority-led Detroit developers need better access to capital on their balance sheets to compete and bid on public projects and community development work in the Detroit neighborhoods where they live and work,” said Tosha Tabron, Head of Social Investments at the Kresge Foundation. “The status quo of limited access to capital is unacceptable. This greatly reduces the ability of these developers to accumulate wealth and hampers their efforts to move Detroit neighborhoods forward. This fund directly addresses both of these issues and is one of many municipal funds that Kresge is working with partners like Invest Detroit to build.”

“This fund will go a long way to creating more opportunities for developers of color in our city,” said Donald Rencher, City of Detroit Group Director for Housing, Planning and Development. “I thank Invest Detroit, URGE Imprint and the Kresge Foundation for their commitment to improving equity and addressing underrepresentation in Detroit’s growth and revitalization efforts.”

For more information, visit Ebiara.com.

About Invest Detroit
Invest Detroit is a nonprofit lender, investor, and partner that supports business and real estate projects that will drive economic growth in Detroit and the region. Their goal is to increase employment density and opportunities in a strategic and inclusive manner. Learn more at www.InvestDetroit.com.

About URGE Imprint
URGE Imprint is an integrated management consulting firm based in Detroit, MI. URGE is focused on helping clients move their ideas forward and into execution across three distinct practice areas: Public Sector, High Growth SMEs and Real Estate. URGE’s approach is based on an intellectual drive rooted in candid and thoughtful communication, meaningful change, and a commitment to partnership.

All about Capcom, the still going strong classic games developer
https://formes.asia/all-about-capcom-the-still-going-strong-classic-games-developer/
Sun, 19 Jun 2022 19:55:33 +0000

Capcom is a gaming giant, but the massive developer wasn’t always a household name.

Japanese developer Capcom has too many icons in its history to list them all. Ryu and Ken from Street Fighter, Dante from Devil May Cry, and several protagonists from Resident Evil are just a few. Originally an arcade game developer, the company is now both a publisher and developer for all platforms. Here’s information on how Capcom was founded, its wide range of game franchises, and its best-selling title.

The story of game developer Capcom

Capcom is one of the oldest video game companies still at the top of the industry. Originally named IRM Corporation, the company began as a manufacturer of video game arcade cabinets. IRM changed its name to Capcom in 1983, short for “capsule computers”. Capcom would begin developing its own games the same year with the release of Little League. Capcom continued to develop arcade games over the months and years that followed, including the still-running Ghosts ‘n Goblins franchise.

One of those titles was Street Fighter II, which became a global sensation that inspired the entire fighting game genre. The game is still one of Capcom’s most recognized titles with an estimated worldwide revenue of $10 billion since its first release in 1991. And it’s still going strong with the recent reveal of Street Fighter 6.

In the late 90s and 2000s, Capcom moved into the home console market with series like Resident Evil, Monster Hunter, and Devil May Cry. Capcom never attempted to enter the console race, instead focusing on making games for existing platforms. Capcom sparked controversy in the 2010s with on-disc DLCs and lawsuits, but continued to release critically and commercially successful games throughout the decade.

As of 2022, Capcom treats Resident Evil, Monster Hunter, and Street Fighter as its flagship series. Each franchise is doing well, with Monster Hunter World as one of the most popular games and Resident Evil releasing its eighth mainline game in 2021. Capcom continues to develop video games for multiple platforms and is estimated at $6.6 billion.

Capcom develops a bunch of iconic video game series. Here is a short list of its most popular and oldest franchises.

  • Ace Attorney
  • Dead Rising
  • Devil May Cry
  • Dragon’s Dogma
  • Marvel vs. Capcom
  • Mega Man
  • Monster Hunter
  • Okami
  • Resident Evil
  • Street Fighter

Capcom also produces other games that aren’t as recognizable, but still garnered fans and critical acclaim. Capcom cult classics include Viewtiful Joe, Darkstalkers, Onimusha, and more.

Capcom’s best-selling game is Street Fighter II or Monster Hunter: World.

In terms of revenue, very few games even come close to Street Fighter II. Capcom estimates that the company made around $10 billion from the sale of arcade cabinets and home copies. Capcom produced approximately 200,000 arcade cabinets for the game and its several re-releases.

If you prefer to judge by actual copy sales, Monster Hunter: World is Capcom’s best-selling game ever. The Master Edition re-release had 20 million worldwide sales in 2019. It’s unclear how much revenue Capcom made from the game, but the game is still priced at $30 on Steam.

Capcom is both a video game developer and a video game publisher, and there are a few traits that separate it from the pack.

Capcom is different from many other game studios in that it is both the developer and publisher of its own games. Capcom does not rely on other studios to distribute its games, but works directly with online and physical retail outlets. However, Capcom tends to only release its own games. Very few indie games are published by Capcom, and those it publishes are usually joint projects.

However, Capcom outsources parts of its game development to outside studios. This is mostly reserved for sequels and spinoffs, with completely original projects done entirely within Capcom.

Grantville eyes sewer development with industrial developer
https://formes.asia/grantville-eyes-sewer-development-with-industrial-developer/
Fri, 17 Jun 2022 21:52:00 +0000

Jeffrey Cullen-Dean/The Newnan Times-Herald

Grantville City Council is discussing a development with Robinson Weeks to upgrade the city’s sewer system to prepare for new industrial development. Left to right, Alan Wacaser, Casey Evans, Mayor Doug Jewell, Ruby Hines and Jim Sells.

Grantville could upgrade one of its pump stations to accommodate increased sewer flow from a new industrial development.

The development is a one million square foot warehouse located near Highway 29.

In March, construction on a million-square-foot warehouse on Lowry Road was halted when the city council voted not to rezone a property from residential to light industrial.

This time the property that is being considered for development is already zoned for industrial development.

The property, owned by RW Grantville II Industrial Owner LLC, will be developed by Robinson Weeks, an industrial real estate developer.

According to City Engineer Brennan Jones, the agreement with the developer will transfer sewer flow in the area from the Pine Street Basin to the Colley Street Land Basin. The flow from there would then go to the Griffin Street pumping station.

The development is expected to use 12,000 to 15,000 gallons of water per day. Jones said the piping will need to be changed, but overall it’s a minor system upgrade.

“It relieves some of the flow from the Pine Street sewage treatment system, which will help this pond stay in compliance with its permit. The Pine Street pond is flowing at approximately its allowable limit, and therefore transferring a bit of that flow at this Griffin Street Pumping Station, it actually relieves some flow from that treatment system,” he said.

Jones added that the sewer system would be private until it connects to the public system. The developer will coordinate construction before handing over the completed piping system to the city.

Mayor Doug Jewell said he’s worried the development could use 12,000 to 15,000 gallons of water now, but will need more in the future.

Jones said the city could have some control over something like this by incorporating it and other stipulations into the development agreement with Robinson Weeks.

The board will vote on the matter at its June 20 meeting.

Another Top Developer Directory Has Been Hit By Hackers
https://formes.asia/another-top-developer-directory-has-been-hit-by-hackers/
Wed, 15 Jun 2022 13:58:05 +0000

The Travis CI API leaks thousands of user tokens, allowing threat actors easy access to sensitive data in GitHub, AWS and Docker Hub, according to a new report from Aqua Security’s cybersecurity arm, Team Nautilus.

Travis CI is a hosted continuous integration service, which developers can use to build and test software projects hosted on GitHub and Bitbucket.

BOVIET SOLAR SECURES AN ORDER FOR 255 MEGAWATT PV MODULES FROM WORLD LEADER IN RENEWABLE ENERGY DEVELOPMENT
https://formes.asia/boviet-solar-secures-an-order-for-255-megawatt-pv-modules-from-world-leader-in-renewable-energy-development/
Mon, 13 Jun 2022 13:45:00 +0000

Boviet Solar secures 255 MW module order from world’s leading renewable energy developer for large-scale project in the United States

“Our monofacial and bifacial PV modules are designed with better technology in mind, manufactured from robust product components under strict quality control steps and using high-tech manufacturing processes. As a result, customers can mitigate their project risk, reduce their balance of system (BOS) costs, lower levelized cost of electricity (LCOE), achieve excellent return on investment (ROI), and achieve reliable and cost-effective energy production and savings over the long term,” said Sienna Cen, President of Boviet Solar USA.

Boviet Solar’s photovoltaic modules feature high-purity monocrystalline wafer technology combined with PERC, half-cut, multi-busbar, large-cell design and rugged product components.

“This combination of technologies means our modules capture more photons, produce more energy, and ultimately pack more power per module. And that means developers can rely on our modules to perform reliably, regardless of installation scenario and environmental conditions,” Cen added.

Boviet Solar’s PV modules have been listed on the PVEL Top Performing PV Modules Dashboard since 2019. The company has achieved Tier 1 status from BloombergNEF since 2017.

About Boviet Solar

Founded in 2013 in Vietnam, Boviet Solar is part of Boway Alloy and is a global Tier 1 solar technology company specializing in the manufacture of monocrystalline PERC cells, monofacial and bifacial PV modules, as well as the development of solar projects. The company works with IPPs, EPCs, project developers, solar installers and contractors to provide the highest performing PV modules for large-scale, commercial, industrial and residential solar projects. With a proven track record of success working with many industry leading players, Boviet Solar has maintained its position as a manufacturer and supplier of BloombergNEF Tier 1 solar modules since 2017. The company offers financial stability, technological know-how, manufacturing excellence and supply chain transparency. Its PV modules are known for their power, performance and quality and have been ranked among the top performers on the PVEL/DNV-GL Module Reliability Scorecard since 2019. Its U.S. headquarters is in San Jose, California, and its global headquarters is in Vietnam. For more information, visit www.bovietsolar.com.

SOURCE Boviet Solar

Ethereum merger will take place between August and November, says developer Tim Beiko
https://formes.asia/ethereum-merger-will-take-place-between-august-and-november-says-developer-tim-beiko/
Sat, 11 Jun 2022 10:44:00 +0000

Ethereum developer Tim Beiko said yesterday that the highly anticipated merger will happen between August and November, and that only a catastrophic event or failure will prevent it from happening this year.

He made the statement during a conversation with Ben Edgington, who called on developers to work faster so the merger could happen faster. Beiko claimed that due to the technical details involved, it is almost impossible to give an exact date when the merger will take place.

“I’m just not as confident that targeting more than a ballpark target, in terms of a date, is possible,” he said. When asked what the rough target was, he mentioned a range between late August and November, unless there is a “normal catastrophic event/failure/bug streak”.

If we found 0 more bugs, we’ll probably be able to merge in a few months. I don’t think that’s realistic. I don’t think it’s likely we’ll find 10 or even 5 more serious problems, either. However, confidence decreases exponentially in this range.

However, Edgington doesn’t seem happy with the estimate, which he says is “far too rough” for any planning.

Indications have also emerged that the developers are delaying Ethereum’s difficulty bomb as they are currently fixing bugs they discovered during the Ropsten merge.

When will the merger take place?

This statement comes just weeks after Vitalik Buterin wrote that the merger could take place between August and October. Buterin also pointed out that there are risks of delays.

The merger was originally scheduled for June, but the developers postponed it. Since then, there have been discussions about when the merger will finally take place. However, some developers claim that there is already too much pressure for this to happen.

Although there have been postponements, the process leading to the merger is proceeding as planned. One of the most important testnets on Ethereum, the Ropsten testnet, completed its merger just a few days ago, on June 8th.

This followed the launch of its beacon chain on May 30. With the successful merger of the Ropsten testnet, which shares many similarities with the Ethereum mainnet, the possibility of the merger is getting closer.

According to Beiko, the Goerli testnet merger is next, and it will be the dress rehearsal before the mainnet merger.

While many are optimistic that the merger will be completed this year, some believe that all these delays are signs that it may not be.

A formidable developer retaliates against the assignment of a “critical” CVE vulnerability
https://formes.asia/a-formidable-developer-retaliates-against-the-assignment-of-a-critical-cve-vulnerability/
Thu, 09 Jun 2022 14:02:00 +0000

“This false accusation has spoiled the release of one of our services,” laments the maintainer

The developer of the Formidable project has fought against the assignment of a CVE vulnerability entry by MITRE Corporation.

Formidable is a popular parser, available on GitHub, for use in production and in serverless environments. The Node.js module and software library are open source.

The “vulnerability” was made public in May and was assigned as CVE-2022-29622 with a “critical” CVSS severity score of 9.8, close to the highest possible. An “exploit” video was also uploaded to YouTube.

Uploads by design

CVE-2022-29622 is described as a dangerous arbitrary file upload flaw in version 3.1.4 of Formidable, exploitable by attackers to “execute arbitrary code via a specially crafted filename”.

However, this classification, as well as the CVE assignment, is disputed – and this has been acknowledged in the CVE documentation.

“Some third parties dispute this issue because the product has common use cases where uploading arbitrary files is the desired behavior,” NVD’s CVE filing says.

“Additionally, there are configuration options in all versions that can change the default file handling behavior.”

In a Medium blog post published on June 3, Formidable project maintainer and Guardara co-founder Zsolt Imre posted an update to a previous post examining the alleged bug, saying he was “still convinced that the Formidable library has nothing to do with these problems”.

Imre noted that a feature allowing arbitrary file uploads is not necessarily a vulnerability, depending on the use case and whether or not code execution follows a file upload.

“The code must be executed for the attacker to be able to interact with the web shell,” the developer commented. “So the attacker needs to find a process that he can convince to touch the uploaded file.

“It’s not just any kind of ‘touch’! In fact, it must be executed. As you can see, context is key here.

“Invalid Claims”

Imre went on to say that the claim that the vulnerability “allows attackers to execute arbitrary code through a specially crafted filename” is incorrect, because “the only thing that may be vulnerable to this vulnerability is something that executes arbitrary code”, adding that the problem is out of scope in the case of the software library.

The developer said that it would be more accurate to say that Formidable allows uploading of arbitrary files by default, but that doesn’t mean the feature is a vulnerability on its own.

For Formidable to be vulnerable to arbitrary code execution, it would have to either run uploaded files or allow content to run “automatically or on demand,” Imre said.

Overall, with Formidable considered as a standalone attack vector, the vulnerability does not appear to be valid, according to Imre. Although the maintainer says one could argue that a bug or poorly implemented feature is at play, this does not constitute a vulnerability or risk to users.

“Formidable is falsely accused of being vulnerable,” Imre says. “This false accusation spoiled the release of one of our services for no good reason.”

Speaking to The Daily Swig, the maintainer said he had been in contact with MITRE to request the removal of the CVE. MITRE referred Imre to a comment from a Formidable contributor, “GrosSacASac”, in which they mentioned “the conditions for being vulnerable”.

However, Imre argued that MITRE read the comment “the wrong way and GrosSacASac was not referring to the library being vulnerable under certain conditions, but to an application that uses the library in a certain way.”

The maintainer has yet to receive any communication from the organization and has posted questions for GrosSacASac to answer, in hopes of clarifying the situation.

Imre commented:

If someone had taken the time to look at the code and see what the default behavior and configuration of the library was, it would become clear that GrosSacASac was not talking about the Formidable library in this comment.

Unfortunately, he/she has not yet replied. I don’t believe MITRE will investigate this matter further until GrosSacASac responds. Even then, as you can see, MITRE apparently operates on opinion rather than fact, so we can only hope for the best.

Imre also posted a “challenge” on GitHub to further test Formidable and determine if the CVE was correctly assigned or not.

The Daily Swig has contacted MITRE and will update this article when we hear back.
