The C and C++ languages are unsafe. Instead, the U.S. National Security Agency would like devs to use memory-safe languages—because most security vulnerabilities are caused by bugs in memory usage.
The NSA and CISA released the guide “Securing the Software Supply Chain: Recommended Practices Guide for Developers” last month, and while David Wheeler, the director of open-source supply chain security at the Linux Foundation and OpenSSF, welcomes it, he said there are some questionable requirements.
Federal legislators have begun the process of better securing the open-source software used by government agencies with a new bill titled “Securing Open Source Software Act of 2022.”
Chile's national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country.
Open-source code runs on every computer on the planet—and keeps America’s critical infrastructure going. DARPA is worried about how well it can be trusted.
Linux slinger Red Hat has achieved Common Criteria certification for Red Hat Enterprise Linux 8.2, making it suitable for high-level US government security.
Google has outlined its efforts to shape the US government's zero-trust initiative based on President Biden's Executive Order on cybersecurity. "Its contributions will see the company leverage initiatives that have been underway at Google for many years, spanning open-source fuzzing tools to funding Linux kernel developers to work on security, and pushing for the use of memory-safe languages in Linux."