Stay Ahead With Linux Security News
Explore Latest Linux Security news
Enhance Linux Software Security with Google’s Code Scanners

Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, which necessitates robust security measures throughout the development lifecycle. Code security scanners play a vital role here. These tools are intended to detect, mitigate, and prevent security vulnerabilities in code, improving the integrity, reliability, and security of software systems. In this article, I'll delve into the function and importance of code security scanners developed by Google: AddressSanitizer (ASan), MemorySanitizer (MSan), UndefinedBehaviorSanitizer (UBSan), Control Flow Integrity (CFI), libFuzzer, and AFL (American Fuzzy Lop). Let's begin by gaining a deeper understanding of code security scanners and their importance in secure Linux software development.

What Are Code Security Scanners?

Code security scanners are tools that scan source code to detect potential security flaws and flag them for further review by developers or testing services. The analysis can be static (without running the code), dynamic (while it runs), or a combination of the two. The goal is to identify flaws attackers might exploit, such as buffer overflows, race conditions, and injection vulnerabilities.

The Importance of Code Security Scanners in Secure Linux Software Development

Code security scanners play an essential role in secure development. By integrating them early into their processes, developers can identify and address vulnerabilities before production-ready software reaches distribution, decreasing the risk of security breaches. Proactive security measures are cost-efficient and effective: fixing security issues during development avoids post-release fixes, which often involve lengthy patch cycles, damage an organization's credibility, and cost far more. Organizations thereby minimize the negative repercussions while protecting themselves from future liabilities.

Many industries impose stringent regulatory standards on software security, and code security scanners can assist by documenting sound security practices and supporting regulatory compliance. Beyond increasing security, code security scanners improve overall software quality by identifying bugs or performance issues that would otherwise remain undetected.

Code Security Scanners Developed by Google

Google has developed several security tools that are invaluable for open-source security researchers attempting to quickly detect Type Confusion flaws during code development. Here is an introduction to each of Google's security tools and how they can be utilized.

AddressSanitizer (ASan)

AddressSanitizer is a memory error detector that identifies issues such as out-of-bounds accesses to heap, stack, and global variables, and use-after-free bugs. ASan works by instrumenting code to detect memory errors at runtime, making it a powerful way of discovering buffer overflows or heap corruption.

Utilization: ASan can become part of any development workflow by being enabled during compilation. Developers run their programs with ASan enabled and watch it flag memory errors as they arise, with complete diagnostic information that facilitates debugging.

MemorySanitizer (MSan)

MSan was developed to detect uninitialized memory reads. It detects instances where variables are used without having been properly initialized, which can lead to unpredictable behavior and security vulnerabilities. MSan instruments memory reads and writes at compile time so that any use of an uninitialized value is flagged at runtime.

Utilization: Developers use MSan by compiling their code with MSan instrumentation enabled. Running the instrumented program lets MSan identify uses of uninitialized memory, helping developers address them before they become security issues.

UndefinedBehaviorSanitizer (UBSan)

UndefinedBehaviorSanitizer (UBSan) targets undefined behavior in code, such as integer overflows, misaligned pointers, and invalid casts, that might not cause immediate crashes but can lead to severe bugs and security vulnerabilities later down the road.

Utilization: UBSan is used by compiling code with UBSan instrumentation enabled, executing it, and monitoring for the undefined behavior it reports at run time. The detailed reports let developers address these problems proactively.

Control Flow Integrity (CFI)

CFI is a security feature that ensures a program follows only the legitimate paths defined by its control flow graph, protecting it from attacks such as return-oriented programming (ROP) that divert execution from the path planned by design.

Utilization: CFI is implemented by compiling code with control flow integrity support enabled. Once activated, CFI checks that program execution matches the expected control flow graph, blocking attempts at malicious manipulation through continuous verification that execution conforms to the expected flow.

libFuzzer

libFuzzer is a coverage-guided fuzzing tool used together with sanitizers like ASan and UBSan to maximize security flaw detection. Fuzzing feeds random inputs into the program under test to uncover hidden bugs by triggering unexpected behavior. Because of this powerful combination, libFuzzer excels at discovering Type Confusion vulnerabilities.

Utilization: Developers use libFuzzer by writing "fuzz targets," particular entry points that libFuzzer calls with various inputs. Pairing this approach with the sanitizers lets developers uncover hidden vulnerabilities through extensive fuzz testing, ensuring robust software security.
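As an added illustration of the libFuzzer and sanitizer workflow described above (example code written for this page, not from the article or from Google's projects), here is a small TLV record parser with a libFuzzer fuzz target. The parser, its record format, and the sample input are assumptions constructed for the example; the build flags are the standard clang sanitizer options.

```c
/* Added example, not from the article: a length-checked TLV parser with a
 * libFuzzer entry point. Build with the sanitizers the article describes:
 *   clang -g -O1 -fsanitize=fuzzer,address,undefined tlv_fuzz.c -o tlv_fuzz
 * There is no main() here because libFuzzer supplies its own. */
#include <stddef.h>
#include <stdint.h>

#define MAX_RECORDS 16

typedef struct {
    uint8_t type;
    uint16_t len;
    const uint8_t *value;   /* points into the caller's buffer, not copied */
} tlv_record;

/* Parse records of the form type(1) | len(2, big-endian) | value(len).
 * Returns the record count, or -1 on malformed input. Each length is checked
 * against the bytes remaining before the value is touched; without that
 * check the fuzzer quickly drives a read past the buffer, which ASan reports. */
int tlv_parse(const uint8_t *buf, size_t size, tlv_record *out, size_t max) {
    size_t off = 0;
    int n = 0;
    while (off < size) {
        if (size - off < 3) return -1;          /* truncated header */
        uint8_t type = buf[off];
        uint16_t len = (uint16_t)((buf[off + 1] << 8) | buf[off + 2]);
        off += 3;
        if (len > size - off) return -1;        /* value runs past the input */
        if ((size_t)n >= max) return -1;        /* more records than allowed */
        out[n].type = type;
        out[n].len = len;
        out[n].value = buf + off;
        off += len;
        n++;
    }
    return n;
}

/* Sum of all value bytes. It walks every value pointer so the fuzzer
 * exercises them; uint32_t arithmetic wraps, so UBSan stays quiet here. */
uint32_t tlv_checksum(const tlv_record *recs, int n) {
    uint32_t sum = 0;
    for (int i = 0; i < n; i++)
        for (uint16_t j = 0; j < recs[i].len; j++)
            sum += recs[i].value[j];
    return sum;
}

/* Constructed sample input: records {type 1, "\xAA\xBB"} and {type 2, ""}. */
uint32_t tlv_sample_checksum(void) {
    static const uint8_t sample[] = {0x01, 0x00, 0x02, 0xAA, 0xBB,
                                     0x02, 0x00, 0x00};
    tlv_record recs[MAX_RECORDS];
    int n = tlv_parse(sample, sizeof sample, recs, MAX_RECORDS);
    return n < 0 ? 0 : tlv_checksum(recs, n);   /* 0xAA + 0xBB = 357 */
}

/* The fuzz target: libFuzzer calls this repeatedly with mutated inputs. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    tlv_record recs[MAX_RECORDS];
    int n = tlv_parse(data, size, recs, MAX_RECORDS);
    if (n > 0) (void)tlv_checksum(recs, n);
    return 0;   /* return value is ignored; a crash is reported by the sanitizer */
}
```

Running ./tlv_fuzz with a corpus directory lets libFuzzer grow inputs by coverage; any out-of-bounds read or undefined behavior it reaches is reported by ASan or UBSan with a stack trace and the crashing input is saved for replay.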
American Fuzzy Lop (AFL)

AFL (American Fuzzy Lop) is a security-oriented fuzzer that employs genetic algorithms to automatically discover test cases that cause crashes or expose other potential issues in software applications. AFL tracks the execution path of the tested program while mutating inputs to find new code paths, uncovering security flaws, such as Type Confusion vulnerabilities, that remain concealed in rarely exercised code paths.

Utilization: AFL is used by instrumenting the code at build time and running the fuzzer against the resulting binary; AFL then generates and mutates inputs automatically to exercise the program and identify vulnerabilities through comprehensive automated tests.

Integration into the Linux Software Development Workflow

Integrating code security scanners into the development workflow is critical to creating secure codebases. By embedding these tools in Continuous Integration/Continuous Deployment (CI/CD) pipelines, code is continuously tested for vulnerabilities throughout its development lifecycle. Educating developers on the scanners' benefits and proper use is paramount for timely detection and resolution; training sessions and resources help developers integrate the tools smoothly into their daily workflow. At the same time, regular code audits should complement automated scanning, as human oversight may identify problems that automated scanners miss.

Our Final Thoughts on the Benefits of Code Security Scanners for Secure Linux Software Development

AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL have become essential tools in developers' toolkits in an ever-evolving Linux security landscape. Developers must ensure that software remains robust, secure, and reliable by including security scanners in their development projects. As with anything worth doing, an "ounce of prevention is worth a pound of cure." Security scanners allow developers to address security threats before users experience them directly.

Oct 14, 2024 | Dave Wreski | Security Projects

Rust Foundation Announces Training for Secure Software Development

The Rust Foundation will be developing a training and certification program to ensure that developers who use the language can create secure software. The training will include both online and in-person options and will be available in many different languages. The goal of this program is to make sure that Rust's developers are getting the education they need to create secure software. The language itself is already secure, but it's important for developers to understand how their code works so they can write it correctly. This program will also help developers get jobs: employers want to hire people who know how to do their jobs well, and this program will give them the confidence needed to apply for jobs without worrying that they won't know enough about security. The article linked below helped me understand the specific details of this program, and I thought you would benefit from reading it as well! The link for this article located at Rust Foundation is no longer available.

Dec 03, 2023 | Brittany Day | Organizations/Events

Latest OWASP App Sec Testing Guide for Secure Application Development

Advocates with the web application security consortium OWASP published the latest iteration of its Testing Guide this week. The guide, celebrating its 10th anniversary this year, is an informational manual designed to teach developers how to build and maintain secure applications in the face of ongoing threats. First started in 2001 as a not-for-profit charitable organization, OWASP, the Open Web Application Security Project, released its first Testing Guide in 2004. The fourth version (v4) of the guide (PDF) builds on the last one, published in 2008, in three ways. The link for this article located at ThreatPost is no longer available.

Sep 19, 2014 | LinuxSecurity.com Team | Security Projects

Best Practices for Secure Software Development by SAFECode

The nonprofit Software Assurance Forum for Excellence in Code, a.k.a. SAFECode, today published a best practices guide for the software community based on techniques and processes used by its high-profile membership. The new "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today" details secure development best practices used by members Adobe, EMC, Juniper, Microsoft, Nokia, SAP, and Symantec. This is the second edition of the report, which the nonprofit first published in 2008. "The scope of this paper is focused on design, development, and testing. The big difference between what we have here now and what we had done before is that we have the benefit of more than two years of experience working together and understanding best practices," says Paul Kurtz, executive director of SAFECode. While the report isn't meant to be a comprehensive guide, it does contain much more detail than the first edition, according to Kurtz. The link for this article located at Dark Reading is no longer available.

Feb 09, 2011 | LinuxSecurity.com Team | Security Projects

Exploring Security Challenges in Open Source Communities

Even as he referred to the "cost of transparency" uncovered by his research, Sam Ransbotham, a professor at Carroll School of Management, acknowledged that "the transparency benefits far outweigh this cost. ... The challenge for open source communities is to maintain the benefits while mitigating the downsides." It's hard to imagine a topic more central to the argument for or against free and open source software than security. Hardly a day goes by without news of some fresh exploit in the Windows environment, after all, but what about Linux and other open software? Can they do better? That's essentially the question we put to the two participants in LinuxInsider's first FOSS Face-Off this week, focusing on that very topic. The link for this article located at LinuxInsider is no longer available.

Jun 17, 2010 | LinuxSecurity.com Team | Security Projects

Discover OpenBSD Security Features Through Unique Code Audits

OpenBSD is quite possibly the most secure operating system on the planet. Every step of the development process focuses on building a secure, open, and free UNIX platform. The OpenBSD audit process might be the biggest factor in the consistent security found in this distribution. A team of experienced developers focuses on auditing each piece of code entered into the source tree. Code is analyzed for security flaws as well as bugs in general, bugs that might not affect general functionality but could be exploited as security flaws down the line. Every bug is taken seriously and immediately addressed. This proactive approach has kept OpenBSD from being susceptible to unknown exploits, which other distributions have to scramble to cover upon discovery. The link for this article located at IBM is no longer available.

Aug 14, 2006 | LinuxSecurity.com Team | Server Security

Improving Security for Limited Devices Using Elliptic Curve Cryptography

Adding security to constrained devices is not an easy task for developers who need to accommodate a range of new features without compromising usability. Experience has shown that building security in at the design stage yields better results from a security and performance perspective. Therein lies the challenge. It's no secret that most cryptographic systems are computationally taxing. Such is not the case with Elliptic Curve Cryptography, or ECC, which has the most strength per bit of any known public key system today and consequently is ideally suited for resource-constrained devices. At the same time, with the decreasing window to get new devices to market, developers also need to find ways to re-use code across multiple devices and take advantage of any new security functionality that may become available on the chip. The link for this article located at Electronics Weekly is no longer available.

Dec 22, 2004 | LinuxSecurity.com Team | Cryptography

Achieve High ROI With Effective Secure Development Strategies

Through fuller integration of security and development activities, the effectiveness and efficiency of security assessment will be increased and streamlined, the associated costs greatly reduced, and organisations will enjoy the return on security investment (ROSI) at a greater rate. Until then, however, those organisations that are already implementing secure development early in their development cycles will be able to continue to reap greater advantages over their competition.

Thankfully, these days assessing the security of an application prior to implementation is a normal process for most organisations. Organisations accept the view that the earlier in the implementation cycle security issues are identified, the greater the return on investment (ROI). However, with such a mature attitude to implementation, it is hard to understand why organisations are not applying the same principles to the software development cycle as a whole. In fact, currently only a limited few are following best practice recommendations in regard to secure development and reaping the financial rewards that increased development controls bring. Secure development is the process of authoring software in such a way as to embrace information security at every stage of the cycle. By addressing information security issues at the design and prototype stages, huge savings in development costs can be made. Additionally, projects can be delivered faster, and post-implementation maintenance costs can be minimised. There are a number of ways that this can be undertaken, but the most common procedures involve phased security assessments and reviews that encompass knowledge sharing; design assessment; component, system, user interface and production testing; and regular security health checks. It has long been documented that security issues and vulnerabilities identified within applications commonly derive from development or design flaws.

Although consuming between 5-15% of a project's overall budget, organisations have learnt that the savings yielded by phased security assessments far outweigh the costs of performing them. Empirical data and industry studies have shown that the absolute cost of fixing a security issue decreases significantly the earlier it is identified in the development cycle. The link for this article located at net-security.org is no longer available.

Jun 08, 2004 | LinuxSecurity.com Team | Security Projects