
Stay Ahead With Linux Security News



Explore Latest Linux Security news


Navigating CVE Management in Linux Security: Embracing Community Control

As Linux security administrators, we're witnessing a pivotal shift in how open-source projects manage vulnerabilities. This transition is a result of new regulatory landscapes, such as the European Union Cyber Resilience Act, which mandates a more hands-on approach for open-source projects. These projects must now become their own CVE Numbering Authorities (CNAs). Gone are the days of relying solely on third-party vendors to assign and manage Common Vulnerabilities and Exposures (CVEs). Instead, open-source communities must take the reins, ensuring a more accurate and direct handling of security vulnerabilities. Though it introduces additional tasks, this change promises to reduce the issuance of unnecessary or erroneous CVEs, which have historically led to resource drain and, at times, complacency among security teams.

For you, this shift brings a few key changes. Firstly, there will be increased administrative tasks related to security management, offering better accuracy and control over how vulnerabilities are handled. Projects will need efficient tools to automate the CVE process, just as the Linux kernel team has done with their public repository. Automation will help manage the high volume of vulnerabilities, allowing you to focus on resolution rather than tracking. Let's examine how this new approach not only aligns with regulatory requirements but also enhances the overall security framework of your open-source projects.

Embracing the Responsibility of Managing CVEs

Transitioning to managing CVEs internally means open-source projects are taking on a significant amount of responsibility. This can initially seem daunting, especially for smaller projects with limited resources. However, the outcome of this increased responsibility is more precise vulnerability tracking. When projects manage their own CVEs, they can tailor vulnerability identification to their specific needs and environments, reducing the noise from irrelevant or inaccurately assigned CVEs.

Open-source projects are inherently collaborative, a strength they can leverage in this new framework. By involving contributors in the CVE management process, teams can draw from a broader pool of expertise. This is not just about administrators or project leaders taking charge; it's about harnessing the collective power of the entire community. When everyone involved in a project understands their role in the new CVE management process, it leads to a more robust and dynamic approach to security.

Enhancing Precision and Control

The move to self-manage CVEs allows projects to exercise greater control over how vulnerabilities are reported and addressed. This addresses one of the major pain points of the previous system: misclassified or "bogus" CVEs issued by external parties. These issues often arise from a lack of understanding of a project's specific nuances. By becoming CNAs, projects can ensure that CVEs reflect actual security concerns and are not padded out with irrelevant issues.

More accurate CVE management means vulnerabilities are handled more efficiently, from identification to resolution. This can significantly enhance a project's security posture, reducing risk and building trust with users who rely on these open-source solutions. For us administrators, this means less time wasted sorting through irrelevant CVEs and more focus on resolving genuine vulnerabilities.

Automation: A Necessary Tool

With the increase in responsibility comes the need for tools to handle the workload. Automation is set to become indispensable in managing the CVE process. Take a cue from the Linux kernel team, which has implemented a public repository to disclose vulnerabilities. This approach streamlines vulnerability tracking and makes it easier for stakeholders to access, understand, and react to potential security issues.

Automation tools can quickly generate CVE reports, reducing the manual effort required. They ensure that reports are consistent, timely, and accurate, allowing administrators to focus on critical problem-solving tasks rather than administrative overhead. Embracing automation also aids in compliance with new regulations, providing a clear audit trail of how vulnerabilities are identified and addressed.

Building an Effective Reporting Infrastructure

Establishing a standardized process for reporting and disclosing vulnerabilities is a crucial part of this transition. This involves setting up systems that can quickly disseminate information about CVEs to everyone who needs it, whether internal developers, external partners, or end-users. The process should be as transparent and accessible as possible, enabling a swift and effective response to security issues.

Security teams can ensure no vulnerability slips through the cracks by developing a clear reporting infrastructure. This can involve creating detailed documentation and using universally understood formats, like JSON, for security vulnerability disclosures. It's also important to consider how feedback will be received and processed, ensuring that all parties agree on and work towards a common goal.

Projects that communicate their CVE handling processes effectively will stand out in the open-source community. When users and developers know how vulnerabilities are managed, their confidence in the project's security grows, leading to broader adoption and contribution.

Leveraging Community Collaboration

Open-source projects thrive on collaboration, which should be harnessed to manage security vulnerabilities effectively. By involving a diverse group of contributors, projects can benefit from varied expertise and creative problem-solving skills. This collective effort can lead to innovative approaches to vulnerability management that might not be possible in more siloed environments.

Encouraging community involvement can be as simple as making vulnerability tracking tools and processes accessible and easy to use. Regular updates and clear guidelines on how contributors can help can also foster a sense of ownership and responsibility among community members. This collaborative approach enhances security and energizes the community, driving more contributions and improvements to the project.

Our Final Thoughts: Moving Forward with Confidence

Transitioning to a model where open-source projects manage their own CVEs is a big change, but it has significant benefits. By taking control of vulnerability management, projects gain more accuracy, transparency, and efficiency. While the initial setup may require additional effort, the long-term advantages include a more robust security framework and increased trust from users and contributors.

We, Linux security administrators, are at the forefront of this change, equipped to lead our projects toward a future where vulnerabilities are not just another checkbox but a focal point of innovation and collaboration. By embracing responsibility, implementing effective tools, fostering community engagement, and setting up streamlined processes, the challenge of CVE management becomes an opportunity to redefine and enhance security within open-source projects. This proactive approach ensures that open-source ecosystems remain secure, reliable, and ready to tackle the vulnerabilities of tomorrow.

What are your thoughts on this shift? Let us know @lnxsec!

Summary: Community-driven initiatives implement CVE oversight to enhance precision and governance regarding security flaws, reinforcing defense and reliability.

Topics: Linux CVE Management, Open Source Security, Vulnerability Control, Community Collaboration, Automation Tools

Apr 02, 2025 | Brittany Day | Security Trends

OpenSSF & OpenJS Warning: Social Engineering Risks Affecting OSS Security

As the backbone of much of the world's technological infrastructure, the open-source community prides itself on transparency, collaboration, and innovation. However, these strengths can also present vulnerabilities, as seen with the notorious XZ Utils backdoor.

Recently, social engineering attacks targeting open-source projects have emerged as a significant threat. The Open Source Security Foundation (OpenSSF) and OpenJS Foundation have issued alerts highlighting attempts to manipulate project maintainers into granting unauthorized access or introducing malicious code. These incidents underscore the need for heightened awareness and robust defenses among Linux admins, developers, and open-source project maintainers. Let's examine these recent warnings and actionable strategies you can implement to combat this concerning trend.

Understanding The Nature of Social Engineering Attacks

Social engineering attacks exploit the human element of security, relying on deceit and manipulation rather than technical exploits. Attackers typically pose as legitimate contributors or community members, using friendly and persuasive tactics to build trust over time. The ultimate goal is often to gain maintainer status or convince existing maintainers to accept harmful changes. This method can be particularly effective in open-source environments where collaboration and trust are foundational.

Recognizing Suspicious Activity

To combat these threats, we must be able to recognize the patterns of social engineering attacks. Persistent, friendly engagement from relatively unknown contributors aiming for high-level access should raise red flags. Additionally, endorsements from unfamiliar accounts or networks can signal coordinated deception efforts. Pay close attention to pull requests (PRs) containing obfuscated code or binaries that lack transparency. Such changes can be vehicles for introducing malicious payloads.

Security admins must remain vigilant for deviations from standard build and deployment practices that could compromise security. If a contributor creates a false sense of urgency, pushing for expedited reviews or immediate changes, take a step back and scrutinize their motives.

Strengthening Authentication and Access Controls

Strong authentication methods are one of the best ways to safeguard against attacks. Two-factor or multifactor authentication (MFA) can add another layer of protection, making it much harder for attackers to gain unauthorized access. Password managers provide additional security and ensure passwords are strong, unique, and not reused across services. Administrators should store recovery codes safely offsite so they can regain control if their accounts become compromised.

Ensuring Code Integrity

The review and merging of code can be critical points of vulnerability. Enabling branch protections and insisting on signed commits can help maintain the integrity of a codebase. Require code reviews from a second developer before merging, even for changes proposed by maintainers. This additional step can catch potentially harmful alterations before they're integrated into the project.

It's also essential to enforce readability requirements for new code. Obfuscated code or binaries hidden within a pull request can introduce significant security risks. By ensuring all changes are human-readable, maintainers can better understand the logic and purpose behind each modification, making it easier to spot malicious intent.

Periodic Reviews and Minimal Permissions

Administrative practices also play a crucial role in defending against social engineering attacks. Regularly review the list of committers and maintainers to verify their ongoing involvement and legitimate status within a project. Removing inactive or unnecessary accounts reduces the risk of dormant accounts being hijacked.

Limiting npm publish rights and other critical permissions to trusted individuals can further minimize risk. Ensuring that only a small, trusted group can make significant changes reduces the number of potential entry points for attackers. This principle of least privilege is a fundamental aspect of a sound security posture.

Establishing and Following Security Policies

A clear and comprehensive security policy is a cornerstone of protecting open-source projects. This policy should include protocols for coordinated disclosure, providing a transparent process for reporting and addressing vulnerabilities. By establishing these guidelines, maintainers can ensure that any discovered issues are handled systematically and securely.

It's also imperative to align with industry standards for security best practices. Resources like the OpenSSF Guides provide valuable insights and frameworks to help maintainers enhance their security posture. Regularly updating and reviewing these policies ensures they remain relevant and effective in the face of evolving threats.

Leveraging External Support

No project is an island; the broader open-source community offers resources and support. Foundations like The Linux Foundation and OpenJS Foundation can provide valuable assistance and technical resources. These organizations can offer guidance and security reviews and help coordinate responses to security incidents. Alpha-Omega and the Sovereign Tech Fund provide financial and technical support tailored explicitly toward strengthening the security of open-source projects. By joining these programs, participating projects gain access to funding and expertise, significantly boosting their defensive capacities.

Fostering Vigilance

To guard against social engineering attacks, open-source communities should create an atmosphere of vigilance. Communication channels must remain open between maintainers and contributors while encouraging transparency among contributors. Creating an atmosphere where maintainers and contributors feel comfortable reporting suspicious activities can help detect and mitigate threats early.

Training and awareness programs also play a vital role in keeping projects secure. Informing maintainers and contributors about social engineering attacks, their signature tactics, and how to recognize them can significantly bolster project defenses. Regular security training sessions keep these risks in view and prepare everyone involved to respond if suspicious activity emerges.

Our Final Thoughts on These Warnings

The collaborative nature of open-source communities is both their greatest strength and their greatest weakness, creating opportunities and risks. As social engineering attacks become more sophisticated, Linux security admins must take proactive measures to safeguard their projects against takeover attempts: recognizing suspicious activity, strengthening authentication and access controls, assuring code integrity, and enlisting external support to decrease takeover risk. Through vigilance, transparency, and community collaboration, the integrity and security of open-source projects can be maintained to ensure they continue to flourish and innovate over time.

The joint alert from OpenSSF and OpenJS Foundation is an essential reminder that while the collaborative spirit of open-source projects is invaluable, their security must also be protected with robust measures and proactive approaches. By adopting these best practices, Linux security admins can ensure their projects remain safe from current and emerging digital threats.

What measures are you taking to secure your open-source projects? Reach out to us @lnxsec and let us know!

Summary: Manipulation tactics target community-driven software; implement effective measures to strengthen defenses and resilience.

Topics: Open Source Security, Social Engineering Threats, Security Practices, Code Integrity, Community Collaboration

Jan 15, 2025 | Brittany Day | Security Trends

Linux Foundation's Open Metaverse Initiative for Collaboration

The Linux Foundation has announced plans to build an open-source metaverse which it says could be "as impactful as the World Wide Web", so long as companies, developers, and founders come together to meet shared goals.

The aptly named Open Metaverse Foundation (OMF) has been divided into a series of groups, which it calls Foundational Interest Groups, designed to focus on different topics. They include transactions, virtual worlds and simulations, networking, security and privacy, and legal and policy, among others. A large number of organizations and open-source communities have come together to form the foundation, including ChainHub Foundation, OpenSDV, and Veriken, each bringing its own wealth of knowledge.

Summary: The Open Web Consortium is focused on bringing together entities to collaborate on common objectives in technological advancement.

Topics: Linux Foundation Open Source Metaverse, Community Collaboration, Digital Innovations, Open Metaverse Security

Jan 23, 2023 | Brittany Day | Organizations/Events

Open Source Collaboration Enhances Cybersecurity And Transparency

Open-source software is one of the most innovative developments of the past few decades. Open source is code that is publicly available and editable. While this sounds dangerous for security, it can actually significantly improve it by allowing anyone to fix errors. Applying the open-source methodology of collaboration to cybersecurity can greatly affect everyone's security.

When the Internet was new, issues of security and credential theft were primary concerns. Now, consumers are pressuring vendors to be transparent about data collection, vulnerability disclosure, and security weaknesses. Open source provides transparency, but more is still needed to develop collaboration between the communities.

Summary: Collaborative open-source efforts bolster safety by promoting clarity and engaging the community, providing creative alternatives.

Topics: Open Source Influence, Cybersecurity Enhancement, Community Collaboration

Oct 05, 2022 | Brittany Day | Security Trends

Examining Developer Ethics and Their Impact on Open Source Software

From ethical concerns to a desire for more money to simple obnoxiousness, a handful of developers are ruining open source for everyone.

One of the most amazing things about open source isn't that it produces great software. It's that so many developers put their egos aside to create great programs with the help of others. Now, however, a handful of programmers are putting their own concerns ahead of the good of the many and potentially wrecking open-source software for everyone. For example, JavaScript's package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little but print a message for peace to desktops. So far, so harmless.

Summary: Collective efforts fuel open-source innovation, yet certain programmers place their pride above the collective, endangering the quality of the projects.

Topics: Open Source Culture, Developer Ethics, Software Impacts

Mar 28, 2022 | Brittany Day | Security Trends

Open Source Summit 2023 Insights: Innovation, Collaboration And Development

August was an exciting month for Linux and open source, with the release of Linux kernel 4.18, a new ebook offering practical advice for enterprise open source, and the formation of the Academy Software Foundation. And, to cap it off, we ended the month with a successful Open Source Summit event highlighting open source innovation at every level and featuring keynote presentations from Linus Torvalds, Van Jones, Jim Zemlin, Jennifer Cloer, and many others.

In his welcoming address in Vancouver, The Linux Foundation's Executive Director, Jim Zemlin, explained that The Foundation's job is to create engines of innovation and enable the gears of those engines to spin faster.

The link for this article located at Linux.com is no longer available.

Summary: During the Open Source Summit, Jim Zemlin highlighted the need for creativity within the community, showcasing presentations from prominent figures in the sector.

Topics: Open Source Summit, Linux Kernel 4.18, Innovation in Open Source, Community Collaboration, Enterprise Open Source

Sep 06, 2018 | Brittany Day | Organizations/Events

Collaboration in Open Source: Insights from Chris Price on Telco Engagement

The open source community is a huge collection of often inter-related projects and initiatives, so how can telcos and their vendor partners best engage and benefit? In addition to his Ericsson role, Chris Price is also a Board Member of both the Linux Foundation and the OpenStack Foundation, so he is ideally placed to offer advice.

OpenStack is moving toward an "open infrastructure" direction, which implies collaboration with other projects and communities. What are the challenges of such inter-community work, and what are the eventual benefits? And how are vendors responding to the ongoing shift in the industry to open-source software development and collaboration? With so many open source options open to telcos, is there one clear path to the future?

The link for this article located at TelecomTV is no longer available.

Summary: The rise of open source communities is revolutionizing telecommunications, driving innovation, reshaping initiatives for telcos, and enhancing collaboration.

Topics: Open Infrastructure, Community Collaboration, Telco Engagement, Open Source Projects, Software Development

Jun 11, 2018 | Brittany Day | Organizations/Events

Uncovering the Benefits of Open Source for Modern Businesses Today

Open source software attracts an ever-growing list of advocates. It can save organisations a lot of money while still providing a superior service to that available from proprietary vendors.

The most obvious advantage of open source software is that the products are normally free to download, although it does incur running costs such as storage and computing power. Even those rare paid-for open source products still tend to be far cheaper than closed source alternatives.

The link for this article located at ComputerWorldUK is no longer available.

Apr 09, 2018 | LinuxSecurity.com Team | Vendors/Products