Open Source

Open Source news, information, and how-to advice

Myth versus fact: Open source projects and federal agencies

The increasing demand for open source technologies among government agencies offers a cost benefit, but if not properly monitored, the code poses security risks

Defense Department needs to embrace open source or military will lose tech superiority

A report by the Center for a New American Security warns that if the DoD doesn't embrace open source, it will be "left behind."

New ransomware threat deletes files from Linux web servers

A destructive ransomware program deletes files from web servers and asks administrators for money to return them, though it's not clear if attackers can actually deliver on this promise.

New Mozilla fund will pay for security audits of open-source code

A new Mozilla fund, called Secure Open Source, aims to provide security audits of open-source code, following the discovery of key security bugs like Heartbleed and Shellshock in key pieces of the software.

Your open source security problem is worse than you think

Sixty-seven percent of applications reviewed by Black Duck Software contained known open source security vulnerabilities.

Google’s Trust API: Bye-bye passwords, hello biometrics?

Google intends to kill off passwords, as well as allow Android apps to run instantly without installing the apps first.

Apache incubating project promises new Internet security framework

The newly announced Apache Milagro (incubating) project seeks to put an end to centralized certificates and passwords in a world that has shifted from client-server to cloud, IoT and containerized applications.

Researchers reveal flaws in 7-Zip, users and security vendors affected

Researchers revealed security flaws in 7-Zip; users should update to 7-Zip version 16.0, and vendors should update products that use the vulnerable 7-Zip libraries and components.

OpenSSL patches two high-severity flaws

Versions 1.0.2h and 1.0.1t of the cryptographic library also patch several more bugs of lesser impact

19 open source GitHub projects for security pros

GitHub has a ton of open source options for security professionals, with new entries every day. Add these tools to your collection and work smarter

SmartThings community in uproar over loss of Rule Machine

The highly popular Rule Machine for SmartThings allowed for creating sophisticated automations, but the community developer has now yanked it in protest of the 'ongoing serious degradation of the SmartThings platform.'

Why security DIY might be exactly what you need

James K. Adamson shares a unique take on the rise of security DIY, why it benefits you, and how to get started


Infiltrate takeaways for a security newb

Across security sectors, offensive hackers offer tactics to prevent an attack

Open-source vulnerabilities database shuts down

An open-source project dedicated to cataloguing a huge range of computer security flaws has closed its doors as of Tuesday, according to an announcement on the Open-Source Vulnerability Database’s blog.

Feds tackle open source code quality

Even as the White House is calling on federal agencies to make more use of open source projects, there's also a federal effort under way to reduce the number of vulnerabilities in those products via better code review tools and bug...

Public concerned about security flaws in government open source code

Earlier this month, the White House released a draft of an open source code policy for public review which would require agencies to share code with each other and with the public, but some experts are concerned about possible...

OpenSSL update fixes DROWN vulnerability

The DROWN attack decrypts TLS sessions on servers supporting SSL v2 and using RSA key exchange

Attackers hack Linux Mint website to add ISO with backdoor

Linux Mint warned its website was hacked via WordPress and attackers changed an ISO link to a malicious Linux Mint 17.3 Cinnamon edition on Saturday. The database was sold on the dark web and hackers re-compromised the site after it...

Open source security is not as big of a concern as it once was

Some shops are willing to move away from proprietary software for even the most precious data.

To queue or not to queue, that is the PCI question

In the first of this three-part series, I will detail issues surrounding message queuing and how to ensure it doesn’t break your PCI DSS compliance effort.
