Open Source

Open Source news, information, and how-to advice

Open source software security challenges persist, but the risk can be managed

Using open source components saves developers time and companies money. In other words, it's here to stay. Here's a look at what it will take to improve open source security.

What do open source maintainers know about security?

Open source consumers and maintainers were asked about their security expertise.

Don't build security tools, build developer tools instead

Stop building security tools that think about dev, and start building dev tools that handle security.

The Rust language: Developing safer software

Get up to speed quickly on newcomer Rust, designed to create fast, system-level software. This two-minute animated explainer shows how Rust bypasses the vexing programming issues of memory and management.

Is 'secure open source component use' an oxymoron?

Component use in development isn’t going away, and neither is its accompanying risk.

Security starts at source code — in the cloud

Enterprises are overwhelmed, spending more every year and still losing. Something is missing. By ignoring the root cause of the issue, vendors are simply stacking more and more software on top of the same post-deployment problem.

What is the Heartbleed bug, how does it work and how was it fixed?

The mistake that caused the Heartbleed vulnerability can be traced to a single line of code in OpenSSL, an open source code library. Here's how Heartbleed works and how to fix it if you have an unpatched server.

Malicious code in the Node.js npm registry shakes open source trust model

Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?

Outside IT, few aware of projected skills gap to impact security by 2019

Teaching computer science is a first step toward building the next cybersecurity workforce

5 things you need to know about Stack Clash to secure your shared Linux environment

Qualys shows that attackers can locally exploit the privilege escalation vulnerability to gain root access over Linux, Solaris and BSD machines. This is bad news for Unix-based servers, and even more so for multi-tenant environments.

Open source security risks persist in commercial software [Infographic]

Black Duck’s second annual Open Source Security and Risk Analysis report shows that commonly used infrastructure components have high-risk vulnerabilities.

How to track and secure open source in your enterprise

Your developers are using open source — even if you don't know about it. Here's how to take control and why you need to.

All aboard the blockchain train

Blockchain gains attention as its uses are tested across payment platforms.

Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild

Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a...

HackerOne offers bug bounty service for free to open-source projects

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

February 2017: The month in hacks and breaches

An unsecured MongoDB database, sluggishness about disclosing and patching vulnerabilities, and “I was just curious” were among the contributing factors to the month’s incidents.

5 open source security tools too good to ignore

Look to these clever open source tools to keep secrets out of source code, identify malicious files, block malicious processes, and keep endpoints safe.

Self-protection is key to Linux kernel security

Finding and fixing Linux security vulnerabilities amounts to the usual whack-a-mole. The real solution is to harden the Linux kernel and let it protect itself.