In 2022, the Open Source Security Foundation (OpenSSF) set its sights on fixing security problems in the open source software supply chain, including joining forces with companies such as Apache, Google, Apple, and AWS, and meeting at the White House with the U.S. government's executive branch. 2022 was a heck of a year for open source security troubles, but at the same time, OpenSSF did its best to help secure vital programming infrastructure. In 2021, not 2022, things went awry in a big way for open source software security. I am, of course, referring to the Log4j vulnerability. It’s been over a year, and it’s still hanging around. This, in turn, woke people outside the developer and security worlds to the dangers to the software supply chain. I’d predicted that open source and Linux developers would take security much more seriously in 2022. It looks like I was right. To meet these security needs, OpenSSF and numerous other developer players, including Apache, Google, Apple, and AWS, met at the White House with the US government’s executive branch. As White House National Security Advisor Jake Sullivan said when he called for the meeting, it was a “national security concern” that volunteers maintained foundational open source software. Well. Yes, we, the open source community, knew that. Of course, it’s not like the proprietary software development companies have covered themselves with glory. The year 2023 highlighted major initiatives by OpenSSF aimed at tackling security issues in open source, especially in response to crises such as the vulnerability in Log4j. OpenSSF, Open Source Security, Supply Chain Efforts. Brittany Day
Open-source software has become the foundation of the digital economy: estimates are that it constitutes 70 to 90% of any given piece of modern software. But while it has many advantages — it is collaborative, evolving, flexible, cost-effective — it is also rife with vulnerabilities and other security issues, both known and yet to be discovered. Given the explosion in its adoption, this poses significant risk to organizations across the board. Emerging issues are compounding longstanding, traditional vulnerabilities and licensing risks — underscoring the urgency and importance of securing open-source software (OSS) code made publicly and freely available for anyone to distribute, modify, review and share. “Recently, the open-source ecosystem has been under siege,” said David Wheeler, director of open-source supply chain security at the Linux Foundation. Free software plays a crucial role but also poses significant security threats that require immediate action. Learn more about it here. Open Source Security, Software Risks, Collaborative Software. Brittany Day
The Linux Foundation and OpenSSF Alpha-Omega Project, backed by Microsoft and Google, aims to improve the security of 10,000 open-source projects through a human-centered approach to open-source software security. The Log4j vulnerability crisis that erupted in late 2021 heightened the security world’s awareness of supply chain risks in free and universally deployed open-source software. Following an intense holiday season push by admins and cybersecurity professionals to track and remediate the Log4j flaw, the White House held a meeting of industry leaders to discuss improving open source software security. In a sign that the tech sector is stepping up efforts, the Linux Foundation and the Open Source Security Foundation (OpenSSF) have announced the Alpha-Omega Project. Backed by $5 million in initial funding from Microsoft and Google, the project seeks to improve software supply chain security for 10,000 open-source software projects by systematically looking for undiscovered vulnerabilities in open-source code and then working with project maintainers to get them fixed. The Alpha-Omega Project focuses on strengthening the integrity of open-source applications by tackling vulnerabilities in the supply chain. Alpha-Omega Project, Open-Source Security, Supply Chain Security, Vulnerability Management. LinuxSecurity.com Team
Open-source software isn’t a completely chaotic and breached wasteland of vulnerabilities. It’s a global effort to make the development lifecycle faster. Open-source components are publicly-made codebases. Some are created and maintained by experienced developers and companies, while others are created by beginners. Open-source components are often used in enterprise software for the purpose of reducing development time. However, the security aspect of these components isn’t always clear. In this article, you’ll learn what software security is, including key aspects that can impact security. You’ll also learn four open source security myths and facts. The link for this article located at Security Today is no longer available. Uncover the realities behind open-source safety: its misconceptions, realities, and the significance of secure software development processes. Open Source Security, Software Myths, Development Lifecycle, Software Components. Brittany Day
Popular software hosting service GitHub has acquired Semmle, a code analysis platform that helps product developers and security researchers discover potential zero-days and critical vulnerabilities in large codebases. Learn more in a great The Next Web article: The financial terms of the deal were not disclosed by the two companies. But GitHub intends to make Semmle’s automated code review products available via GitHub Actions. The San Francisco-based firm — founded in 2006 — counts Uber, NASA, Microsoft, Google, and Nasdaq as some of its clients. Semmle offers tools like QL that codifies logical programming errors as queries to spot mistakes, find variants of the same bug elsewhere in the code, and prevent them from occurring in the future. The link for this article located at The Next Web is no longer available. GitHub purchases Semmle to improve automated code assessment and security flaw identification in software development processes. GitHub, Semmle, code analysis, security tools, software development. LinuxSecurity.com Team
When the Pwn2Own contest began in 2007, it was dismissed by some in the industry as nothing more than a publicity stunt meant to inflate the egos of researchers while embarrassing software vendors. But as the fifth edition of the hacker challenge gets underway at the CanSecWest conference here this week, it has evolved into a display of some of the few things that are actually good and right with the security community. The contest began as essentially a timed competition to see who could find and exploit a vulnerability in a fully patched MacBook Pro running the most current version of OS X. Researchers went at the machines for hours, trying to find a new bug and develop a reliable exploit for it. Win, and you got not only the computer that you'd exploited but a nice $10,000 cash prize. There were different thresholds for different machines, but both the 15-inch and 17-inch MacBooks lived through the first day of the contest without being compromised. Not so the next day. Researcher Dino Dai Zovi, who wasn't at the conference, found a new flaw in the Java implementation in QuickTime and called his friend Shane Macaulay, who was in Vancouver. Dai Zovi developed a browser-based exploit for the bug and Macaulay implemented it at the conference. The pair took down the 15-inch MacBook and the cash. Dai Zovi stayed up most of the night working on the bug and exploit, but within a few hours he had a reliable exploit, a new MacBook and some nice walking-around money. Not a bad night's work. The link for this article located at ThreatPost is no longer available. Since 2007, Pwn2Own has evolved from a simple hacking contest into a vital platform for showcasing cybersecurity vulnerabilities and innovation. Pwn2Own Contest, Security Research, Bug Exploitation, Hacker Events. Anthony Pell
Google on Monday said that a recent report claiming it failed to patch one-third of the serious bugs in its software had the facts wrong. IBM's X-Force security unit, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated "critical" or "high" in its online services. "We questioned a number of surprising findings concerning Google's vulnerability rate and response record, and after discussions with IBM, we discovered a number of errors that had important implications for the report's conclusions," said Adam Mein, a security program manager at Google, in an entry on a company blog. Last week, X-Force's report claimed that 9% of all Google bugs disclosed in the first half of 2010 were unpatched, and 33% of the vulnerabilities ranked as critical or high had not been fixed. The link for this article located at Computer World is no longer available. Amazon clarifies rumors about unresolved issues, disclosing comprehensive actions taken against significant security threats in their digital solutions. Bug Patching, Software Vulnerability Management, Security Management. LinuxSecurity.com Team
Looking for ideas to improve how code security is done in your enterprise? Here are several. Code security is something companies have struggled with for some time. In the rush to make new websites and applications available to customers, vulnerabilities are inevitably left behind. But more companies are starting to realize security must be baked into their code from the very beginning. The question is how best to get there. To help answer that question, CSO has assembled a collection of related articles, podcasts and columns in one place for quick study and, hopefully, real solutions. "Code Security: MidAmerican Energy's top priority after SQL injection attacks": security practitioners are increasingly bent on better code security, as Microsoft SDL, BSIMM and Rugged demonstrate. Here's how it became Priority 1 for one of the nation's largest energy providers. "'Unbreakable' was a stretch, 'Rugged' more attainable": CSO Senior Editor Bill Brenner on why the Rugged Software initiative is a big step forward in the quest for cybersecurity. The link for this article located at CSO Online is no longer available. Incorporating security from the start of enterprise app development is crucial to guard against vulnerabilities. Here are effective strategies to implement that. Application Security, Code Review Techniques, Secure Coding Practices. LinuxSecurity.com Team