VMware ESX source code has been stolen and posted online, but the company says its virtualization platform doesn’t necessarily pose an increased risk to customers.The stolen code amounts to a single file from sometime around 2003 or 2004, the company says in a blog post.“The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers,” according to the blog written by Iain Mulholland, director of the company’s Security Response Center.MORE: The Most Mortifying Moments in IT Security History The code was stolen from a Chinese company called China Electronics Import & Export Corporation (CEIEC) during a March breach, according to a posting on the Kaspersky Threat Post blog.The code along with internal VMware emails were posted online three days ago. VMware didn’t respond immediately to a request for more information about the impact of the breach on customers.Eric Chiu, president of virtualization security firm Hytrust, says it’s hard to say what VMware customers should do because there’s not enough detail about how the exposed code is being used in current products.In general, though, customers should review the security for virtual environments to address the fact that a compromised hypervisor exposes multiple virtual machines.While the incident is reminiscent of the breach last year of RSA source code, the circumstances differ. An RSA partner was breached and that breach was used to send a malware-laced email to an RSA staffer who opened it.In VMware’s case, the CEIEC network was hacked and finding the source code was fortuitous.This is what VMware posted in a blog: “Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe. “The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.”Read more about wide area network in Network World’s Wide Area Network section. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe