Open Source
Open Source | News, how-tos, features, reviews, and videos
How to track and secure open source in your enterprise
Your developers are using open source — even if you don't know about it. Here's how to take control and why you need to.
All aboard the blockchain train
Blockchain gains attention as its uses are tested across payment platforms.
Cisco and Apache issue warnings over Zero-Day flaw being targeted in the wild
Cisco's Talos says they've observed active attacks against a Zero-Day vulnerability in Apache's Struts, a popular Java application framework. Cisco started investigating the vulnerability shortly after it was disclosed, and found a...
HackerOne offers bug bounty service for free to open-source projects
HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.
February 2017: The month in hacks and breaches
An unsecured MongoDB database, sluggishness about disclosing and patching vulnerabilities, and “I was just curious” were among the contributing factors to the month’s incidents.
5 open source security tools too good to ignore
Look to these clever open source tools to keep secrets out of source code, identify malicious files, block malicious processes, and keep endpoints safe
Self-protection is key to Linux kernel security
Finding and fixing Linux security vulnerabilities amounts to the usual whack-a-mole. The real solution is to harden the Linux kernel and let it protect itself
Meet Apache Spot, a new open source project for cybersecurity
Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data...
Myth versus fact: Open source projects and federal agencies
The increasing demand for open source technologies among government agencies offers a cost benefit, but if not properly monitored, the code poses security risks
Defense Department needs to embrace open source or military will lose tech superiority
A report by the Center for a New American Security warns that if the DoD doesn't embrace open source, it will be "left behind."
New ransomware threat deletes files from Linux web servers
A destructive ransomware program deletes files from web servers and asks administrators for money to return them, though it's not clear if attackers can actually deliver on this promise.
New Mozilla fund will pay for security audits of open-source code
A new Mozilla fund, called Secure Open Source, aims to provide security audits of open-source code, following the discovery of key security bugs like Heartbleed and Shellshock in key pieces of the software.
Your open source security problem is worse than you think
Sixty-seven percent of applications reviewed by Black Duck Software contained known open source security vulnerabilities.
Google’s Trust API: Bye-bye passwords, hello biometrics?
Google intends to kill off passwords, as well as allow Android apps to run instantly without installing the apps first.
Apache incubating project promises new Internet security framework
The newly announced Apache Milagro (incubating) project seeks to end to centralized certificates and passwords in a world that has shifted from client-server to cloud, IoT and containerized applications.
Researchers reveal flaws in 7-Zip, users and security vendors affected
Researchers revealed security flaws in 7-Zip, so users update your 7-Zip version to 16.0 and vendors update your products that use the vulnerable 7-Zip libraries and components
OpenSSL patches two high-severity flaws
Versions 1.0.2h and 1.0.1t of the cryptographic library also patch several more bugs of lesser impact
19 open source GitHub projects for security pros
GitHub has a ton of open source options for security professionals, with new entries every day. Add these tools to your collection and work smarter
SmartThings community in uproar over loss of Rule Machine
The highly popular Rule Machine for SmartThings allowed for creating sophisticated automations, but the community developer has now yanked it in protest of the 'ongoing serious degradation of the SmartThings platform.'
