Now this sounds familiar - compromise the dev tools and they compromise all products produced with them. Enterprises using open source software to engineer custom applications could be vulnerable to a newly discovered class of hack attack, a security firm claimed today. Fortify Software 's Security Research Group reported that so-called 'cross-build injection attacks' could allow a hacker to insert code into the target program while it is being constructed. The use of open source coding tools have opened the doors to "possible system-wide exploits", according to Fortify. If an attacker compromises either the server that hosts a component, or the DNS server that the build machine uses to locate that server, he could use these vulnerabilities to take full control of the build machine and possibly other machines on the remote network. Fortify discovered that, during the application build process, systems that automatically download external dependencies, including the popular Ant, Maven and...