Supply chain security represents a complex challenge for organizations across industries, but it might be getting just a bit easier today with the release of the SLSA (pronounced salsa) 1.0 specification.

The Supply chain Levels for Software Artifacts (SLSA) project got its start as a Google-led effort in 2021 and is now managed as a multi-stakeholder initiative under the direction of the Linux Foundation’s OpenSSF (Open Source Security Foundation). SLSA is a framework that aims to help define and ensure the integrity of software artifacts throughout the software supply chain. For any given application or service, there are multiple components, or artifacts, that are used to build and deliver an offering. The SLSA framework provides several levels of conformance that outline escalating degrees of security rigor. The goal of the SLSA framework is to provide assurance that software has not been tampered with and can be traced back to its source with a high degree of confidence.

“Technology like this, which is about tracing the provenance of artifacts and the degree of rigor that’s been put into the build processes around it, really cannot be done just at the tail end of a supply chain or by one party in a supply chain,” Brian Behlendorf, general manager of the OpenSSF, told SDxCentral. “It really is only meaningful if it’s done by everybody participating in that supply chain and so it needed to become an open specification.”

The SLSA 1.0 framework bolsters cybersecurity measures, safeguarding data accuracy throughout various sectors.
Supply Chain Security, Software Integrity, OpenSSF, SLSA 1.0
LinuxSecurity.com Team
Microsoft announced that its Secure Supply Chain Consumption Framework (S2C2F) has been adopted by the Linux Foundation’s Open Source Security Foundation (OpenSSF) in a move to improve “supply chain security for everyone,” according to Microsoft Azure CTO Mark Russinovich.

The OpenSSF’s adoption of the framework means “the community it serves can also now have a hand in growing and improving it,” Microsoft’s Principal Program Manager of Secure Software Supply Chain Adrian Diglio said. The No. 2 cloud giant has been using S2C2F in its own open source software (OSS) development processes for the past three years, and as “a massive consumer of and contributor to open source, Microsoft understands the importance of a robust strategy around securing how developers consume and manage OSS dependencies when building software,” Russinovich explained.

The recent adoption of the S2C2F framework by OpenSSF enhances cooperative efforts within the community to improve security across the supply chain.
Supply Chain Security, Open Source Framework, Microsoft Collaboration
Brittany Day
Open-source security has been high on the agenda this year, with a number of initiatives, projects, and guidance launched in 2022 to help improve the cyber resiliency of open-source code, software and development.

Vendors, tech firms, collectives and governments have contributed to raising the open-source security bar amid organizations’ increasing use of and reliance upon open-source resources, along with the complex security risks and challenges that come with it. “2022 has intensified the necessary focus on the important topics of open-source security, including supply chain security. It has also accelerated efforts to identify what was left to do, and then start doing it. In sum: things are just getting started, but progress has been made,” David A. Wheeler, director of open-source supply chain security at the Linux Foundation, tells CSO.

Suppliers, software companies, organizations, and authorities are collaborating to bolster community-driven safety in the face of intricate dangers.
Open-Source Initiatives, Cybersecurity Projects, Development Guidelines, Supply Chain Security
LinuxSecurity.com Team
Learn how an open source program office (OSPO) - a bureau of open source experts within your organization dedicated to overseeing how your company uses, creates and contributes to free software - can help secure your software supply chain.

It’s nearly impossible these days to build software without using open source code. But all that free software carries additional security risks. Organizations grapple with how best to secure their open source software supply chain. But there’s another problem: Many companies don’t even know how many open source applications they have — or what’s in them. The worst-case scenarios include debacles like 2021’s Log4j security vulnerability, or what happened with SolarWinds’ proprietary Orion network monitoring product, which was infected with malware in 2020.

An open source program office (OSPO) enhances security in your software supply chain by standardizing evaluations and fostering security awareness among developers.
Open Source Program Office, Software Security, Risk Management
Brittany Day
The Linux Foundation and OpenSSF Alpha-Omega Project, backed by Microsoft and Google, aims to improve the security of 10,000 open-source projects through a human-centered approach to open-source software security.

The Log4j vulnerability crisis that erupted in late 2021 heightened the security world’s awareness of supply chain risks in free and universally deployed open-source software. Following an intense holiday season push by admins and cybersecurity professionals to track and remediate the Log4j flaw, the White House held a meeting of industry leaders to discuss improving open source software security. In a sign that the tech sector is stepping up efforts, the Linux Foundation and the Open Source Security Foundation (OpenSSF) have announced the Alpha-Omega Project. Backed by $5 million in initial funding from Microsoft and Google, the project seeks to improve software supply chain security for 10,000 open-source software projects by systematically looking for undiscovered vulnerabilities in open-source code and then working with project maintainers to get them fixed.

The Alpha-Omega Project focuses on strengthening the integrity of open-source applications by tackling vulnerabilities in the supply chain.
Alpha-Omega Project, Open-Source Security, Supply Chain Security, Vulnerability Management
LinuxSecurity.com Team
To tackle the growing threat of attacks on the software supply chain, Google has proposed the Supply chain Levels for Software Artifacts framework, or SLSA, which is pronounced "salsa". Can Google's "salsa" make life harder for supply chain attackers?

Sophisticated attackers have figured out that the software supply chain is the soft underbelly of the software industry. Beyond the game-changing SolarWinds hack, Google points to the recent Codecov supply chain attack, which stung cybersecurity firm Rapid7 via a tainted Bash uploader. While supply chain attacks aren't new, Google notes they've escalated in the past year, shifting attackers' focus away from exploits for known or zero-day software vulnerabilities.

Advanced threat actors are targeting the software development pipeline; Google's SLSA initiative strengthens defenses against these vulnerabilities.
Software Supply Chain, Google Security, SLSA Framework, Software Attacks, Open Source Security
LinuxSecurity.com Team
The Linux Foundation has offered suggestions on how we can avoid SolarWinds-type attacks in the future. Doing so won't be easy - but it must be done.

One of the most irritating things about the SolarWinds attack was that the Russian crack went unnoticed from March to December 2020. During that time, the Russian government's SolarWinds hack was opening the door to the secrets of numerous top American government agencies and tech companies. Even now, we're still trying to get our minds around just how widespread and bad the SolarWinds cracks were. The root cause of this crack was a dangerous set of software supply-chain failures. It's too late for anything but damage control for SolarWinds, but the Linux Foundation has drawn several lessons to make sure your programs, whether open source or proprietary, avoid SolarWinds-style disasters.

To prevent threats like SolarWinds, prioritize a multi-layered security strategy with software integrity, community support, and vigilant monitoring techniques.
SolarWinds Defense, Linux Foundation Insights, Open Source Security
LinuxSecurity.com Team