OpenSSF is excited to announce the Alpha-Omega Project to improve the security posture of open source software (OSS) through direct engagement of software security experts and automated security testing. Microsoft and Google are supporting the Alpha-Omega Project with an initial investment of $5 million.

Alan Shimel: Hey, everyone. Welcome to another segment for Techstrong TV. My guest today is Brian Behlendorf. Brian is with the Open Source Security Foundation – that’s the OSSF. The Open Source Security Foundation, of course, is part of the Linux Foundation and it’s a relatively new organization. Was it announced at KubeCon – CNCFCon back in, I guess, September, was that, Brian?

Brian Behlendorf: We announced kind of the second generation of the project in October. The project has been around for about a year longer than that – actually just over that – as a collaboration between some things that Microsoft had started and Google had started. The Linux Foundation said, “Let’s put this in the same pod,” and a tremendous community of volunteers stepped up to do all sorts of things and get plates spinning on top of poles. And then, around about October, we realized, hey, there are some places where spending some money would be helpful, and here’s a whole bunch of companies willing to come in as sponsors and really fund some of that work. And so, that also freed me up to be able to focus full time on it as well.

The link for this article located at Security Boulevard is no longer available.

Summary: The Open Source Security Foundation's Alpha-Omega Initiative is designed to bolster OSS protection through the involvement of specialists and thorough assessments.
Tags: OpenSSF, Open Source Security, Alpha-Omega Project, Software Security, Automated Testing.
Author: Brittany Day
When a security researcher finds a security bug, what do they do? Unfortunately, the answer sometimes is that they search for the appropriate people to notify and, when those people can’t be found, end up posting the vulnerability to public email lists, the GitHub project, or even Twitter.

This is the problem that security platform HackerOne and software supply chain management tool Sonatype have teamed up to solve with The Central Security Project, a new effort that “brings together the ethical hacker and open source communities to streamline the process for reporting and resolving vulnerabilities discovered in libraries housed in The Central Repository, the world’s largest collection of open source components,” according to a statement.

The link for this article located at TheNewStack is no longer available.

Summary: GitHub partners with Snyk to enhance security audits for public Python packages, aiming to boost safety and reliability in the open source ecosystem.
Tags: Vulnerability Reporting, Open Source Projects, Java Security, HackerOne Collaboration, Ethical Hacking.
Author: LinuxSecurity.com Team
Nobody questions that OpenSSL is a vital part of the Internet's infrastructure. So many fundamentals are built on top of it, and in so many places. Too much is at stake for it to be vulnerable to yet another Heartbleed, the dangers of which may linger for some time in embedded and client devices.

That's why the efforts, plural, to fix OpenSSL and make it more maintainable are so heartening. But having three such projects in the works, all operating in parallel, may be the wrong kind of plurality.

The link for this article located at InfoWorld is no longer available.

Summary: Worries grow regarding OpenSSL's oversight as several initiatives work on repairs at the same time; a threat to online safety.
Tags: OpenSSL Management, Cybersecurity Risks, Infrastructure Security, Project Coordination.
Author: LinuxSecurity.com Team
No system works perfectly all the time, but for something as fundamental as being able to prove who you are and get access to what you. The Bandit project, led by Dale Olds from Novell, will add role-based authentication and auditing to identity systems, drawing on the Novell Directory Services, which Olds also worked on. He doesn't think this is an easy fix; indeed he admits

The link for this article located at The Register is no longer available.

Author: LinuxSecurity.com Team
Two years after its hopeful launch, a U.S.-backed research project aimed at drawing skilled eyeballs to the thankless task of open-source security auditing is prepared to throw in the towel. Initially funded by a research grant from the Pentagon's Defense Advanced Research Projects Agency (DARPA), the Sardonix project aspired to replace the loosely-structured Linux security review process with a public website that meticulously tracks which code has been audited for security holes, and by whom.

As conceived by Oregon-based computer scientist Crispin Cowan, Sardonix was to attract volunteer auditors by automatically ranking them according to the amount of code they've examined and the number of security holes they've found. Auditors would lose points if a subsequent audit by someone else turned up bugs they missed. Cowan hoped that the system would produce the same cocktail of goodwill and computer-judged competition that fuels other successful geeky endeavors, from the distributed computing effort that recognizes top producers in the search for new prime numbers, to the "karma" points awarded to highly-rated posters on the news-for-nerds site Slashdot.

In the end, though, nobody showed up. "I got a great deal of participation from people who had opinions on how the studliness ranking should work, and then squat from anybody actually reviewing code," says Cowan, chief research scientist at WireX Communications.

Author: LinuxSecurity.com Team
The Open Web Application Security Project (OWASP) is pleased to announce the imminent availability of CodeSeeker, an Application Level Firewall and Intrusion Detection System (AFWIDS) for Linux, Win32 and Solaris.

CodeSeeker was donated to OWASP on November 19th by Butterfly Security. The Butterfly Security team will continue to manage this project and to develop and enhance CodeSeeker as a community effort at OWASP. CodeSeeker is GPL and copyrighted to the Free Software Foundation, ensuring that it will always remain truly open source and free to everyone. This is a truly altruistic donation by Butterfly Security and we can't thank them all enough.

CodeSeeker is written in Java and C/C++. It intercepts HTTP traffic off the stack (immediately after it's been decrypted by SSL if it's HTTPS), and applies a set of security rules to determine whether the traffic is legitimate or malicious. CodeSeeker can either sit in a passive mode, simply alerting your console of attacks (IDS), or in an active mode, blocking traffic (firewall). You can see screenshots at

Version 1.0 beta will be made available to developers and beta testers in December. If you are interested in joining this project as a developer and have Java or C skills, then please join the CodeSeeker mailing list and introduce yourself.

owasp-codeseeker List Signup and Options

The link for this article located at OWASP is no longer available.

Summary: The OWASP Foundation unveils CodeSeeker, an all-encompassing application firewall and intrusion detection system aimed at bolstering security measures.
Tags: Application Layer Firewall, Open Source Protection, Network Security.
Author: LinuxSecurity.com Team
Because PHP is a critical piece of the hosting service puzzle, the PHP audit project was started in order to harden the PHP interpreter against known and unknown vulnerabilities. We are also trying to add some enhancements for the OpenBSD operating system, without breaking portability to other systems. The idea was born on the misc@ mailing list. We are currently working on PHP 4.1.2.

The link for this article located at PHP Audit Project is no longer available.

Summary: The JavaScript enhancement initiative is designed to bolster the JS runtime by tackling both identified and unrecognized vulnerabilities.
Tags: PHP Hardening, OpenBSD Project, Security Enhancements.
Author: LinuxSecurity.com Team
Brian Paxton writes, "It's an attempt to audit the Linux kernel for any security vulnerabilities and/or holes and/or possible vulnerabilities and/or possible holes, and of course without adding more bugs or drawbacks to the existing kernels. The suggested kernels to be audited are the 2.0.x kernel series, the 2.2.x kernel series, and the 2.3.x/2.4.x kernel series. The group and its work shall be dealt and worked with via a mailing list."

############## kernel auditing project ################

This is a mission statement for a project under way and ready to get going: the Linux kernel auditing project (LKAP). The purpose of this project is self-explanatory. It's an attempt to audit the Linux kernel for any security vulnerabilities and/or holes and/or possible vulnerabilities and/or possible holes, and of course without adding more bugs or drawbacks to the existing kernels. The suggested kernels to be audited are the 2.0.x kernel series, the 2.2.x kernel series, and the 2.3.x/2.4.x kernel series. The group and its work shall be dealt and worked with via a mailing list.

How to subscribe: echo subscribe kernel-audit | mail