Stay Ahead With Linux Security News

Explore Latest Linux Security news


CISA's Secure By Design Initiative and Its Impact on Cybersecurity

There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This development aims to address the increasing cybersecurity threats individuals and organizations face. This article highlights the efforts of companies such as Microsoft, Google, and Apple to prioritize security by default in their products. These security measures include encryption, multi-factor authentication, and automatic security updates.

What Does This Initiative Involve & What Are the Implications for Cybersecurity?

There has been a significant development in the tech industry as nearly 70 tech and cybersecurity companies commit to integrating default security features into their products. This "secure by design" pledge aims to raise the baseline security of tech products and address vulnerabilities from the point of sale onward. The initiative is led by the Cybersecurity and Infrastructure Security Agency (CISA) and supported by major companies, including Microsoft, IBM, and Amazon Web Services. This proactive move emphasizes the importance of cybersecurity in today's digital landscape and the need for secure software practices.

According to CISA, the goals of the pledge are to:

- increase the use of multi-factor authentication (MFA) across their products;
- reduce default passwords across their products;
- reduce one or more entire classes of vulnerabilities;
- increase the installation of security patches by customers;
- publish a vulnerability disclosure policy (VDP) that authorizes testing by members of the public on products, commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP, provides a clear channel to report vulnerabilities, and allows for public disclosure in line with coordinated vulnerability disclosure best practices and standards;
- demonstrate transparency in vulnerability reporting by including accurate Common Weakness Enumeration (CWE) and Common Platform Enumeration (CPE) fields in every CVE record for their products, and issue CVEs in a "timely manner," at least for critical and high-impact bugs; and
- make it easier for customers to spot evidence of intrusions affecting their products.

Open Source: Pioneering the 'Secure-by-Design' Revolution

As Linux admins, infosec professionals, internet security enthusiasts, and sysadmins, this development is significant because it demonstrates a proactive approach to cybersecurity. We know the benefits of built-in security, a key part of the open-source development model. Open-source software has publicly accessible code that anyone can view and contribute to, fostering thorough review by a vibrant worldwide community and resulting in the rapid detection and elimination of security issues. Exploitable software vulnerabilities are behind a large share of breaches, and embedding security features directly into products could greatly reduce that risk. Embracing the open-source model would further enhance the inherent security of software developed under the secure-by-design initiative.
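The CWE/CPE goal in the pledge list above is the one a customer can actually measure: pull a vendor's published CVE records and see whether each carries a CWE identifier and a CPE that names a real product. The script below is an added example for this page, not code from CISA, the CVE Program or the article's author. It assumes the record layout of the CVE JSON 5.x format (cveMetadata, containers.cna.problemTypes, containers.cna.affected[].cpes); the three records, their CVE IDs and the examplecorp/widgetd names are constructed placeholders, not real advisories.

```python
"""Audit CVE JSON 5.x records for the CWE and CPE data the pledge asks for.

Added example; not code from CISA, the CVE Program or LinuxSecurity. The
field names follow the CVE JSON 5.x record format; all records below are
constructed placeholders.
"""
import re

CWE_ID = re.compile(r"^CWE-\d+$")
# cpe:2.3:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>
#        :<sw_edition>:<target_sw>:<target_hw>:<other>  -> 13 colon-separated fields
CPE_FIELDS = 13
CPE_PARTS = {"a", "h", "o"}  # application, hardware, operating system


def cpe_is_well_formed(cpe: str) -> bool:
    """Structural check of a CPE 2.3 formatted string (escaped colons not handled).

    Vendor and product must be concrete: a wildcard there identifies nothing.
    """
    f = cpe.split(":")
    return (len(f) == CPE_FIELDS and f[0] == "cpe" and f[1] == "2.3"
            and f[2] in CPE_PARTS and f[3] not in ("", "*") and f[4] not in ("", "*"))


def record_gaps(record: dict) -> list[str]:
    """Return the pledge-relevant gaps in one CVE record (empty list = complete)."""
    gaps = []
    cna = record.get("containers", {}).get("cna", {})

    # problemTypes may carry free text; only entries typed "CWE" count.
    cwe_ids = [d.get("cweId", "")
               for pt in cna.get("problemTypes", [])
               for d in pt.get("descriptions", [])
               if d.get("type") == "CWE"]
    if not cwe_ids:
        gaps.append("no CWE in problemTypes")
    for cwe in cwe_ids:
        if not CWE_ID.match(cwe):
            gaps.append(f"malformed cweId {cwe!r}")

    affected = cna.get("affected", [])
    if not affected:
        gaps.append("no affected products")
    for i, entry in enumerate(affected):
        label = f"affected[{i}] {entry.get('vendor', '?')}/{entry.get('product', '?')}"
        cpes = entry.get("cpes", [])
        if not cpes:
            gaps.append(f"{label}: no CPE")
        for cpe in cpes:
            if not cpe_is_well_formed(cpe):
                gaps.append(f"{label}: malformed CPE {cpe!r}")
    return gaps


def audit(records: list[dict]) -> dict[str, list[str]]:
    """Map each CVE ID to its gaps; records with no gaps are omitted."""
    result = {}
    for rec in records:
        cve_id = rec.get("cveMetadata", {}).get("cveId", "<no id>")
        gaps = record_gaps(rec)
        if gaps:
            result[cve_id] = gaps
    return result


# Constructed sample records (placeholder IDs, vendor and product).
SAMPLE_RECORDS = [
    {   # complete: CWE and CPE both present and well formed
        "cveMetadata": {"cveId": "CVE-0000-0001"},
        "containers": {"cna": {
            "problemTypes": [{"descriptions": [
                {"type": "CWE", "lang": "en", "cweId": "CWE-787",
                 "description": "Out-of-bounds Write"}]}],
            "affected": [{"vendor": "examplecorp", "product": "widgetd",
                          "versions": [{"version": "1.0", "status": "affected"}],
                          "cpes": ["cpe:2.3:a:examplecorp:widgetd:1.0:*:*:*:*:*:*:*"]}]}}},
    {   # what the pledge wants to eliminate: free-text weakness, no CPE at all
        "cveMetadata": {"cveId": "CVE-0000-0002"},
        "containers": {"cna": {
            "problemTypes": [{"descriptions": [
                {"type": "text", "lang": "en", "description": "memory corruption"}]}],
            "affected": [{"vendor": "examplecorp", "product": "widgetd",
                          "versions": [{"version": "1.1", "status": "affected"}]}]}}},
    {   # CWE present, but the CPE has a wildcard vendor and names no product
        "cveMetadata": {"cveId": "CVE-0000-0003"},
        "containers": {"cna": {
            "problemTypes": [{"descriptions": [
                {"type": "CWE", "lang": "en", "cweId": "CWE-798",
                 "description": "Use of Hard-coded Credentials"}]}],
            "affected": [{"vendor": "examplecorp", "product": "widgetd",
                          "versions": [{"version": "1.2", "status": "affected"}],
                          "cpes": ["cpe:2.3:a:*:widgetd:1.2:*:*:*:*:*:*:*"]}]}}},
]

if __name__ == "__main__":
    for cve_id, gaps in audit(SAMPLE_RECORDS).items():
        print(cve_id)
        for g in gaps:
            print("  -", g)
```

Run against a directory of records fetched from a vendor's CNA feed, the proportion of IDs that come back with gaps is a direct reading of how far that signatory is from the transparency goal; a record with a CWE of type "text" or a wildcard-vendor CPE is flagged, not just an absent field.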
The partnership between tech companies and cybersecurity experts to create more robust security features is particularly noteworthy. One security researcher states, "This collaborative effort will help address complex security challenges and lead to more resilient products." This collaboration is crucial in bridging the gap between theoretical security practices and real-world implementation. It raises questions about how this collaborative effort will impact the overall security landscape and whether it will result in a more standardized approach to security across different products.

Another aspect to consider is the long-term consequences of this initiative. While embedding security features in products is a positive step, it could also create a false sense of security among users. One cybersecurity consultant warns, "Relying solely on built-in security features may lead users to believe they are invulnerable to attacks." This raises concerns about user complacency and the need for ongoing education and awareness campaigns to ensure that users understand the limitations of these built-in security measures.

Moreover, although the tech companies involved have signed CISA's secure-by-design pledge, it is crucial to note that their commitments are voluntary. There are currently no measures in place to ensure that those who have signed on will hold up their end of the agreement. This is a critical consideration, as it is one thing to say you will adhere to a commitment and another to honor it in practice. More must be done to ensure that companies uphold their promise to provide users with foundationally secure software.

The impact of this initiative on security practitioners is significant. It could streamline security practices and reduce the burden of continuously patching vulnerabilities. However, it also raises concerns about vendor lock-in and the potential for companies to monopolize the security software market.

As open-source advocates, it is essential to interrogate how this initiative aligns with the principles of openness, transparency, and collaboration that are the foundation of Linux and other open-source technologies.

Our Final Thoughts on This Push for Built-in Security

This initiative is a promising development in the tech industry. While it brings a positive shift towards proactive cybersecurity measures, it also raises questions about collaboration, a false sense of security, compatibility, and the balance between convenience and robustness. As security practitioners, it is crucial to critically analyze these implications and continue advocating for open-source practices and user education to strengthen overall security.

Tags: Secure By Design, Cybersecurity Practices, Open Source Security

May 09, 2024 | Dave Wreski | Organizations/Events

Pentagon's Vulnerability Disclosure Program Boosts Hacker Reports

Hackers are crawling all over the US Department of Defense’s websites. Don’t worry, though: they’re white hats, and DoD officials are quite happy about the whole thing. Four years after it first invited white hat hackers to start hacking its systems, the Pentagon continues asking them to do their worst, and a report released this week says that they’re submitting more vulnerability reports than ever. The Department of Defense Cyber Crime Center (DC3) handles cybersecurity for the DoD and is responsible for tasks including cyber technical training and vulnerability sharing. It also runs the DoD’s Vulnerability Disclosure Program (VDP). The link for this article located at Naked Security is no longer available.

Tags: White Hat Hacking, Pentagon Cybersecurity, Vulnerability Reporting

Mar 05, 2020 | Brittany Day | Government

FireEye Vs ERNW: Malware Protection Flaw Dispute Revealed

A spat between two security companies shows just how sensitive reporting software vulnerabilities can be, particularly when it involves a popular product. The kerfuffle between FireEye and ERNW, a consultancy in Germany, started after an ERNW researcher found five software flaws in FireEye's Malware Protection System (MPS) earlier this year. One of the flaws, found by researcher Felix Wilhelm, could be exploited to gain access to the host system, according to an advisory published by ERNW. As is customary in the industry, ERNW contacted FireEye in early April with details of the problems.

Tags: Malware Protection System, FireEye, Ethical Disclosure, Software Flaws, Cybersecurity

Sep 14, 2015 | LinuxSecurity.com Team | Vendors/Products

Government Vulnerabilities Equities Process for Disclosure Review

After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Known as the Vulnerabilities Equities Process, the document outlines the criteria that the government uses when deciding whether to keep information about vulnerabilities discovered by the government or its contractors private. The 13-page policy applies to a variety of hardware and software, including government-built systems, commercial systems, SCADA systems, and ICS systems.

Tags: Vulnerability Management, Government Policy, Disclosure Guidelines

Sep 10, 2015 | Anthony Pell | Government

Arbor Networks Discusses Vulnerability Disclosure And Bounty Programs

Arbor Networks' Sam Curry talks about disclosure, bounty programs, and vulnerability marketing with CSO, in the first of a series of topical discussions with industry leaders and experts. Hacked Opinions is an ongoing series of Q&As with industry leaders and experts on a number of topics that impact the security community. The first set of discussions focuses on disclosure and how pending regulation could impact it. In addition, we asked about marketed vulnerabilities such as Heartbleed and about bounty programs: do they make sense? The link for this article located at CSO Online is no longer available.

Jul 28, 2015 | LinuxSecurity.com Team | Hacks/Cracks

NSA's Rogers Discusses Public Vulnerability Sharing Commitment

The National Security Agency (NSA) is only holding back a teeny, tiny number of code secrets, with director Admiral Mike Rogers promising the world the spook collective shares 'most' of the vulnerabilities it finds. The agency head made the remarks on his second visit to Silicon Valley since his appointment in April this year. Admiral Rogers told student delegates that US President Barack Obama asked the agency to share more of its vulnerabilities with the public. The link for this article located at The Register UK is no longer available.

Tags: Vulnerability Disclosure, NSA Insights, Code Evaluation

Nov 06, 2014 | Alex | Government

RSA Security Takes Action Against Blogger Discussing Vulnerability

RSA Security, one of the top security firms in the country, has sent takedown notices to a blogger and his hosting company in an effort to silence his discussion of a vulnerability found on a bank web site that RSA helps monitor, according to the blogger. The firm has accused the blogger of trademark infringement. The link for this article located at Wired is no longer available.

Aug 19, 2009 | LinuxSecurity.com Team | Vendors/Products

Exploring Responsible Disclosure Practices at Stanford Conference

Security pros gathering at a Stanford University Law School conference on responsible vulnerability disclosure Saturday harmonized on the principle that vendors should be privately notified of holes in their products, and given at least some time to produce a patch before any public disclosure is made. But there was pronounced disagreement on the question of whether or not researchers should publicly release proof-of-concept code to demonstrate a vulnerability.

UK-based security researcher David Litchfield, of NGS Software, said he publicly swore off the practice after an exploit he released to demonstrate a hole in Microsoft's SQL Server became the template for January's grotesquely virulent Slammer worm. At Saturday's conference, held by the university's Center for Internet and Society, Litchfield said he wrestled with the moral issues for some time. "At the end of the day, part of my stuff, which was intended to educate, did something nefarious, and I don't want to be a part of that," said Litchfield, a prolific bug-finder.

That kind of soul-searching is music to Microsoft's ears. The disclosure standards promulgated by the Organization for Internet Safety, an industry effort founded by Microsoft and a handful of large security companies, require researchers to withhold any exploits from the public for at least 30 days following the first public advisory on a bug. But Redmond would like to see researchers abstain entirely, said Steve Lipner, the software-maker's director of security engineering strategy. "We prefer that finders wait before releasing exploit code, or, better, don't release exploit code," he said. "It's something where... we're trying to ask for cooperation, instead of something that we're trying to mandate or dictate." California-based security vendor eEye and the Polish white hat hacker group LSD, both prodigious exploit publishers in the past, have taken to withholding proof-of-concept code when disclosing serious security holes. The link for this article is no longer available.

Nov 24, 2003 | LinuxSecurity.com Team | Hacks/Cracks