The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. The SPDX community, in collaboration with the Linux Foundation, has ev...
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. The SPDX community, in collaboration with the Linux Foundation, has evolved the widely used Software Bill of Materials (SBOM) communication format with a comprehensive set of updates, introducing new features and enhancements tailored to modern system use cases.
A recent data breach incident disclosed by the OWASP Foundation due to a wiki misconfiguration highlights a critical concern for security practitioners, specifically Linux admins and infosec professionals. The breach exposed personal information from members who joined the foundation between 2006 and 2014.
The Southern California Linux Expo (SCALE) 21x is a massive community-run open-source and free software conference. This year's event showcased various workshops, presentations, and networking events.
Canonical has announced extending Ubuntu's long-term support (LTS) to 12 years, providing security coverage from the initial release. While regular LTS releases receive 5 years of standard security updates, subscribing to Ubuntu Pro adds 5 years.
Canonical, the parent company of Ubuntu Linux, has reached its 20th anniversary. To honor this monumental birthday, we'll delve into Canonical's history and impact on the Linux ecosystem.
In the world of cloud-native computing, security is paramount. The recent announcement by the Cloud Native Computing Foundation (CNCF) about the graduation of Falco, a cloud-native security tool, brings it to the forefront. Falco, described as the de facto Kubernetes threat detection engine, has gained significant traction among notable organizations like Booz Allen Hamilton, GitLab, Shopify, and many more.
The Linux Foundation recently published a report titled Maintainer Perspectives on Open Source Software Security, which provides valuable insights into the perspectives, practices, and challenges faced by OSS maintainers and core contributors regarding open-source software security. The report highlights the importance of utilizing software composition analysis (SCA) and static application security testing (SAST) tools in evaluating the security of OSS packages.
The Linux Foundation's 2023 Open Source Generative AI Report delves into the advancements and implications of generative Artificial Intelligence (AI). As Linux admins, infosec professionals, and Internet security enthusiasts, it is crucial for us to understand the impact this technology has on our field. Let's critically analyze the insights from the report and explore the long-term consequences.
The Rust Foundation will be developing a training and certification program to ensure that developers who use the language can create secure software. The training will include both online and in-person options and will be available in many different languages.
It's no secret that Linux is the most popular operating system in the world. It's also no secret that it's a very secure OS, but many things can go wrong. It's hard to keep up with all the patches and vulnerabilities, especially when you must patch tens of thousands of servers without downtime. But Meta has a system for doing so!
KubeCon + CloudNativeCon provided valuable insights for security teams supporting cloud-native development, including securing GenAI, platform engineering and supply chains.
Cloud has become synonymous with enterprise IT, but let’s not get ahead of ourselves. Though enterprises now spend roughly $545 billion annually on cloud infrastructure, according to IDC, and 41% of that spend goes to the top five cloud providers, the reality is that a substantial amount of money, even “cloud” money, isn’t being spent with the big hyperscalers.
The annual Ubuntu Summit is where Linux and open-source software lovers gather to see what’s new. This year it will take place in the beautiful city of Riga, Latvia, November 3 to 5. And guess what? Microsoft, the big name we usually associate with paid software, joined the movement. This new partnership aims for greater collaboration between major technology companies and open-source communities.
Today at DockerCon, Docker has announced the General Availability of Docker Scout. With the integration of Sysdig Runtime Insights, Docker Scout helps developers prioritize risk. This will significantly improve software supply chain security. Let's find out why.
[BLACK HAT] Googlers have lately found not one but two more security vulnerabilities in Intel and AMD processors that can be exploited to steal sensitive data from a vulnerable computer's memory.
As part of the company's recent Summit 2023, Red Hat has announced multiple different products, updates and, most importantly, opened up about the company's thoughts and prospects moving forward.
