Open Source

Open Source news, information, and how-to advice

5 things you need to know about Stack Clash to secure your shared Linux environment

Qualys shows that attackers can locally exploit the privilege escalation vulnerability to gain root access over Linux, Solaris and BSD machines. This is bad news for Unix-based servers, and even more so for multi-tenant environments.

Open source security risks persist in commercial software [Infographic]

Black Duck’s second annual Open Source Security and Risk Analysis report shows that commonly used infrastructure components have high-risk vulnerabilities.

How to track and secure open source in your enterprise

Your developers are using open source — even if you don't know about it. Here's how to take control and why you need to.

All aboard the blockchain train

Blockchain gains attention as its uses are tested across payment platforms.

Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild

Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a...

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

February 2017: The month in hacks and breaches

An unsecured MongoDB database, sluggishness about disclosing and patching vulnerabilities, and “I was just curious” were among the contributing factors to the month’s incidents.

5 open source security tools too good to ignore

Look to these clever open source tools to keep secrets out of source code, identify malicious files, block malicious processes, and keep endpoints safe.

Self-protection is key to Linux kernel security

Finding and fixing Linux security vulnerabilities amounts to the usual whack-a-mole. The real solution is to harden the Linux kernel and let it protect itself.

stormtrooper penguin [Henry Burrows / CC BY-SA 2.0]

Why Linux users should worry about malware

From updates, to VPNs, to firewalls and AV, there are several steps Linux users should take to stay safe.

Report: Attacks based on open source vulnerabilities will rise 20 percent this year

As open source code becomes more prevalent in both commercial and home-grown applications, the number of attacks based on its vulnerabilities will increase by 20 percent this year, predicted Black Duck Software, which collects...

Meet Apache Spot, a new open source project for cybersecurity

Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data...

Myth versus fact: Open source projects and federal agencies

The increasing demand for open source technologies among government agencies offers a cost benefit, but if not properly monitored, the code poses security risks.

Defense Department needs to embrace open source or military will lose tech superiority

A report by the Center for a New American Security warns that if the DoD doesn't embrace open source, it will be "left behind."

New ransomware threat deletes files from Linux web servers

A destructive ransomware program deletes files from web servers and asks administrators for money to return them, though it's not clear if attackers can actually deliver on this promise.

New Mozilla fund will pay for security audits of open-source code

A new Mozilla fund, called Secure Open Source, aims to provide security audits of open-source code, following the discovery of key security bugs like Heartbleed and Shellshock in key pieces of the software.

Your open source security problem is worse than you think

Sixty-seven percent of applications reviewed by Black Duck Software contained known open source security vulnerabilities.

Google’s Trust API: Bye-bye passwords, hello biometrics?

Google intends to kill off passwords, as well as allow Android apps to run instantly without installing the apps first.
