Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found 61 articles for you...
76

Significance Of SPDX 3.0 For Software Management And Security Insights

The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. The SPDX community, in collaboration with the Linux Foundation , has evolved the widely used Software Bill of Materials (SBOM) communication format with a comprehensive set of updates, introducing new features and enhancements tailored to modern system use cases. . This article presents the benefits of SPDX 3.0, offering valuable insights into its implications for the security and management of software systems. What Is the Significance of the SPDX 3.0 Release? One of the most intriguing aspects of SPDX 3.0 is the introduction of profiles, which offer tailored information for popular use cases such as security, software build attestation, precise licensing, AI model training, and data set provenance. These profiles are gateways to facilitate the straightforward use of SPDX for specific scenarios, empowering developers, security engineers, data scientists, and legal professionals to leverage SPDX effortlessly for their specific use cases. This sparks curiosity for tech enthusiasts seeking to understand how SPDX 3.0 can enhance their software management practices. The significant impact of SPDX 3.0 on the software ecosystem must be highlighted, emphasizing the community-driven development process and its alignment with ISO governance standards. The involvement of key industry experts and organizations in evolving SPDX as a user-centric SBOM format shows its potential to address diverse needs, paving the way for enhanced software package management, improved compliance with licensing obligations, streamlined security practices, and optimized software build processes. Users and developers are prompted to ponder the long-term consequences of adopting SPDX 3.0 and its potential implications for mitigating risks, building trust, and demonstrating commitment to industry best practices. Industry leaders, such as Arm,Chainguard Labs, EPAM Systems, Huawei, Intel, GitHub, Google, Microsoft, MITRE, and others, have expressed their support and recognition of SPDX 3.0's importance in software supply chain security . Our Final Thoughts on SPDX 3.0 We aim to shed light on the importance of SPDX 3.0 in revolutionizing software management, bringing attention to its relevance for security practitioners and technology professionals. If you want to stay abreast of the latest advancements in open-source and Linux security, be sure to subscribe to our newsletters . Stay informed and secure, fellow Linux users! . Explore the benefits of SPDX 3.0 and its influence on software governance and security protocols for industry experts.. SPDX 3.0, Software Bill of Materials, Linux security, software management, open source compliance. . Brittany Day

Calendar%202 Apr 17, 2024 User Avatar Brittany Day Organizations/Events
82

Addressing Software Supply Chains: Open Source Security Insights

In the wake of several major cybersecurity incidents - the most recent being the Colonial Pipeline ransomware attack, the government wants to shore up its software supply chain. There’s no silver bullet, but Open Source shows significant promise in meeting this challenge. . Recent intrusions into federal agencies and critical infrastructure are causing the government to more closely examine how software is made, in addition to who’s making it and where. Even before President Joe Biden and his transition team entered the White House amid the unfurling SolarWinds crisis, the executive branch was working to collectively reduce weaknesses in the government’s software supply chain. A new executive order gets deeper into core software development techniques than anything from previous administrations. . Recent incidents involving federal agencies underscore vulnerabilities within government software supply chains, prompting an examination of open-source threats.. Software Supply Chain, Open Source Security, Cybersecurity Threats, Software Integrity. . Brittany Day

Calendar%202 May 19, 2021 User Avatar Brittany Day Government
209

Understanding Supply Chain Risks and Protective Strategies

Experts including Dr. David Wheeler, Director of Open Source Software Supply Chain Security at the Linux Foundation , discuss the growing trend in software supply chain attacks which use “ dependency or namespace confusion ” techniques, and how to secure software supply chains against these attacks. . Following a growing trend in software supply chain attacks which use “ dependency or namespace confusion ” techniques, I sat down for a discussion on software supply chain security with a few experts on the topic. Dr. David Wheeler, Director of Open Source Software Supply Chain Security at the Linux Foundation Dr. Trey Herr, Director of Cyber Statecraft Initiative at the Atlantic Council Brian Fox, CTO and Co-founder of Sonatype As the attack vector continues to gain further steam in the early months of 2021, we chatted about what’s happening, why this vector has taken off and how organizations can protect ourselves. The link for this article located at Security Boulevard is no longer available. . Fortify your development pipelines against emerging threats by leveraging professional advice and implementable tactics.. Supply Chain Security, Dependency Confusion, Software Protection. . Brittany Day

Calendar%202 Mar 09, 2021 User Avatar Brittany Day Security Trends
209

Understanding Linux Security: Resilience Against Increased Attacks

Linux is becoming increasingly popular, and for good reason - the open-source OS is flexible, customizable and highly secure. Luckily, Linux is superior in design to most platforms, making the inevitable increase in attacks targeting Linux less of a threat. Jack Wallen offers an eplanation, along with his perspective on the topic. . Linux powers big business--of that there is no debate. With more and more manufacturers selling Linux preinstalled on desktops and laptops, the writing on the wall is clear: Linux popularity is growing faster than most expected. For some, that means the rise of attacks on the platform is inevitable. I'm not concerned. I know, that sounds like crazy talk. After all, we've seen a number of attacks reported over the past few years. But why am I not worried? . As the adoption of Linux continues to soar, Jack Wallen delves into the strength of the OS in countering escalating cyber threats and vulnerabilities.. Linux Threats, Cybersecurity Insights, Open Source Resilience, Attack Trends. . Brittany Day

Calendar%202 Dec 16, 2020 User Avatar Brittany Day Security Trends
79

Linux Foundation: New Contributor Security Survey on Open-Source Practices

Securing Free/Libre and open-source software (FLOSS) is a big deal and The Linux Foundation wants to know exactly how programmers are dealing with security issues. In an effort to gain insight on the topic, the Linux Foundation and Harvard have announced a new Linux and open-source contributor security survey. . Except for the desktop, Linux and open-source run the IT world. With great power comes great security responsibilities. While open-source security issues can be overstated , the simple truth is antique, insecure open-source software is everywhere . The Linux Foundation knows this. To address it, the Foundation's Core Infrastructure Initiative (CII) and the Laboratory for Innovation Science at Harvard (LISH) have developed a survey for FLOSS contributors . This builds on top of their "Vulnerabilities in the Core, a preliminary report and Census II of open-source software." The study laid out a methodology for understanding and addressing open-source software structural and security complexities. Specifically, it also identifies the most commonly used FLOSS components in production applications and examines them for potential vulnerabilities. . The Linux Foundation collaborates with Harvard to initiate a survey designed to assess the security protocols adopted by contributors in the open-source community.. Open Source Security, Linux Contributors, FLOSS Security, Software Insights. . LinuxSecurity.com Team

Calendar%202 Jun 19, 2020 User Avatar LinuxSecurity.com Team Security Projects
76

Essential Insights From Linux Security Summit on Zephyr and Fuchsia

In case you missed it, videos for Linux Security Summit NA are now available. On Linux.com, we covered a couple of these in depth, including: Redefining Security Technology in Zephyr and Fuchsia By Eric Brown. If you’re the type of person who uses the word “vuln” as a shorthand for code vulnerabilities, you should check out the presentation from the recent Linux Security Summit called “Security in Zephyr and Fuchsia.” In the talk, two researchers from the National Security Agency discuss their contributions to the nascent security stacks of two open source OS projects: Zephyr and Fuchsia. The link for this article located at Linux.com is no longer available. . Explore significant takeaways from the Linux Security Summit NA recordings, encompassing security technology advancements to deliberations on operating system initiatives.. Linux Summit Videos, Security Insights, Open Source Security. . Brittany Day

Calendar%202 Oct 22, 2018 User Avatar Brittany Day Organizations/Events
76

BHUSA Insights: Exploring Cyber Defense and Political Dynamics

Opening Black Hat USA in Las Vegas, Black Hat founder Jeff Moss commented on the convergence of cybersecurity and political issues and said that world events “have caught up with us and we’re being tested.” . Saying that if offense is a purely technical endeavor, defense is “largely political” in spend, strategy and what is being defended. “I believe the technology we are delivering favors offense, the machine learning, the reinforcing algorithms, so the momentum is on offense, but in defense we’re stuck with politics,” he said. The link for this article located at InfoSecurity is no longer available. . The intersection of digital security and governance is evident, impacting protective measures and tactics amid international conflicts.. Cyber Defense, Political Strategy, Offensive Security, Technology Trends. . Brittany Day

Calendar%202 Aug 09, 2018 User Avatar Brittany Day Organizations/Events
76

Uncovering Insider Threats: Insights from DerbyCon 5.0 Conference

Salted Hash is in Louisville, Kentucky for DerbyCon 5.0. All weekend long, in-between talks and training, this blog will be updated with various items of note from the show or thoughts form those attending. Today's starter topic is insider threats. . This topic isn't new, but it hasn't really gone away either. A friend shared some data from a company called Bay Dynamics. They do predictive analytics, so insider threats is a subject they're rather interested in following. . Delve into revelations about insider threats shared at DerbyCon 5.0, highlighting advancements in predictive analytics and engaging discussions around proactive security measures.. insider threat, security conference, DerbyCon, predictive analytics. . Dave Wreski

Calendar%202 Mar 14, 2017 User Avatar Dave Wreski Organizations/Events
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200