Heartbleed

See the following:

Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware And The Linux Foundation Form New Initiative To Support Critical Open Source Projects

Press Release | The Linux Foundation, Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware | April 24, 2014

The Linux Foundation today announced it has formed a new project to fund and support critical elements of the global information infrastructure. The Core Infrastructure Initiative enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful.

Another Heartbleed-Style OpenSSL Vulnerability Discovered

Polly Mosendz | Nextgov.com | June 6, 2014

Just a few months after Heartbleed was discovered and (thankfully) resolved, another OpenSSL bug is haunting web encryptions. The new bug SSL/TLS MITM was posted by the OpenSSL group in a formal advisory on Thursday...

Canonical Embeds Ubuntu Linux Into Devices to Secure IoT

Sean Michael Kerner | eWeek | January 20, 2015

The new effort will extend Ubuntu's Snappy Linux technology to help enable the Internet of things...

Data Breaches Through Wearables Put Target Squarely on IoT in 2017

Ryan Francis | Java World | January 3, 2017

Security needs to be baked into IoT devices for there to be any chance of halting a DDoS attack, according to security experts.

Heartbleed Superbug Found In Utility Monitoring Systems

Aliya Sternstein | Nextgov.com | May 16, 2014

Software that monitors utility plants and other operations at several military installations has been found to be affected by the recently discovered superbug Heartbleed, when configured a certain way, according to the Homeland Security Department and the software’s manufacturer...

Heartbleed-Weary Tech Firms Show OpenSSL A Little Love

Erika Morphy | Linux Insider | May 30, 2014

A new attack vector has been identified, causing renewed distress over the difficulty of coming up with a Heartbleed cure. Coincidentally, the latest threat information comes just as a group of tech companies announced a new effort to shore up OpenSSL security...

How The NSA Undermines Cybersecurity

Brendan Sasso | Nextgov.com | April 30, 2014

...Officials have warned for years that a sophisticated cyberattack could cripple critical infrastructure or allow thieves to make off with the financial information of millions of Americans. President Obama pushed Congress to enact cybersecurity legislation, and when it didn’t, he issued his own executive order in 2013...

How to Use Libraries.io Data from Millions of Open Source Projects

What if we applied the techniques Google applied to index the internet back in 1998 to the world of open source software? That's exactly the thought Andrew Nesbitt had in 2014 which led to the creation of Libraries.io, an open source project for indexing other open source projects. This month Libraries.io released metadata on over 25 million open source projects. You can download it right now from Zenodo, but what can you do with it? To understand what is contained within this dataset, I'll take a quick look at how it's collected. Everything in Libraries.io begins with package managers. We index project metadata from 33 package managers, filling in gaps from their source repositories where we can. We parse project manifests—a gemfile, package.json, or similar—that includes code from other projects and stores the links between them...

Jim Zemlin: 2014-The Open Source Tipping Point

For the last ten years open source has expanded into more and more segments of the computing industry. But as we review 2014, a new story emerges: software development has fundamentally shifted toward an open source model. Especially for the infrastructure software used for scale-out computing, open source is the de facto choice; in fact, it’s virtually impossible to find examples of scale-out infrastructure that is not open source.

Lessons To Be Learned From The Scariest Recent Open Source Vulnerabilities

Bill Ledingham | Open Source Delivers | October 29, 2014

Tis the season for spooks and frights, but the last thing any enterprise wants to experience is the terror of security vulnerabilities. In the past six months, we’ve seen three damaging open source security bugs; two of which have potentially exposed hundreds of thousands of websites and hundreds of millions of computers, servers, and devices...

NIST's Dream: Integrating Security Into Design

Sean Lyngaas | FCW | May 14, 2014

The National Institute of Standards and Technology hopes its new guidelines for IT security will beget a systems engineering process in which security is intrinsic to product design rather than an afterthought.  The guidelines, posted May 12, offer best practices for information systems security based on international engineering standards...

Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say

David E. Sanger | The New York Times | April 12, 2014

Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.  But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.

Open Source And Linux In 2014

Jim Lynch | IT World | December 29, 2014

In today's open source roundup: Looking back at open source and Linux in 2014. Plus: Switching from Apple laptops to Chromebooks, and the best gaming mouse for Linux?...

Over 90% Of Cloud Services Used In Healthcare Pose Medium To High Security Risk

Dan Munro | Forbes | September 1, 2014

According to cloud security vendor Skyhigh Networks, more than 13% of cloud services used in healthcare are high‒risk and 77% are medium risk ‒ as measured across 54 different security attributes (like data encryption and “two factor” authentication)...

Preventing the Next Heartbleed and Making FOSS More Secure

David Wheeler is a long-time leader in advising and working with the U.S. government on issues related to open source software. His personal webpage is a frequently cited source on open standards, open source software, and computer security. David is leading a new project, the CII Best Practices Badging project, which is part of the Linux Foundation's Core Infrastructure Initiative (CII) for strengthening the security of open source software. In this interview he talks about what it means for both government and other users...