OpenSSL

See the following -

A Primer on the Open Source Movement from a Health Care Perspective

Open source, in myriad forms, has emerged as a significant development model that drives both innovation and technological dispersion. Ignore it at your peril, as did the major computer companies destroyed or totally remade by Linux and free software, or encyclopedia publishers by Wikipedia, or journalists and marketers by social media. The term "open source" was associated first with free software, but it goes far beyond software now. People around the world use open hardware, demand open government, share open data, and--yes--pursue open health. The field of health, in particular, will be transformed by open source principles in software, in research, in consultations and telemedicine, and in the various forms of data sharing all these processes call for.

Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware And The Linux Foundation Form New Initiative To Support Critical Open Source Projects

Press Release | The Linux Foundation, Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware | April 24, 2014

The Linux Foundation today announced it has formed a new project to fund and support critical elements of the global information infrastructure. The Core Infrastructure Initiative enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful.

Another Heartbleed-Style OpenSSL Vulnerability Discovered

Polly Mosendz | Nextgov.com | June 6, 2014

Just a few months after Heartbleed was discovered and (thankfully) resolved, another OpenSSL bug is haunting web encryptions. The new bug, SSL/TLS MITM, was posted by the OpenSSL group in a formal advisory on Thursday...

As Open Source Goes Mainstream, Institutions Collaborate Differently

Alex Howard | TechRepublic | November 14, 2014

18F has quietly become the bleeding edge of the US federal government's adoption of open source software. Read about the benefits and challenges of open source going mainstream...

Heartbleed Superbug Found In Utility Monitoring Systems

Aliya Sternstein | Nextgov.com | May 16, 2014

Software that monitors utility plants and other operations at several military installations has been found to be affected by the recently discovered superbug Heartbleed, when configured a certain way, according to the Homeland Security Department and the software’s manufacturer...

Heartbleed, an Apache License Business Model Failure?

The two-year-old Heartbleed bug that was recently discovered in OpenSSL and that affects millions of internet users reveals a similar problem that could have a serious impact on the way we look at open source software. Companies such as Cisco have built expensive applications on top of OpenSSL. Security consultants have been paid good money to guarantee that OpenSSL was safe. But the OpenSSL project itself was driven by a core of only four unpaid volunteers. The German engineer Robin Seggelmann is now taking the blame for the error. His code was verified by Dr. Stephen Henson, who overlooked the bug. It would be unfair to blame these two individuals for the problems caused by Heartbleed. They made two mistakes. The second mistake was a minor error in their code. Although this error took huge proportions, they should be forgiven for that error. Their first mistake was their choice to make their code available under the Apache Software License. That mistake is more problematic.

How to Use Libraries.io Data from Millions of Open Source Projects

What if we applied the techniques Google applied to index the internet back in 1998 to the world of open source software? That's exactly the thought Andrew Nesbitt had in 2014, which led to the creation of Libraries.io, an open source project for indexing other open source projects. This month Libraries.io released metadata on over 25 million open source projects. You can download it right now from Zenodo, but what can you do with it? To understand what is contained within this dataset, I'll take a quick look at how it's collected. Everything in Libraries.io begins with package managers. We index project metadata from 33 package managers, filling in gaps from their source repositories where we can. We parse project manifests—a gemfile, package.json, or similar—that include code from other projects and store the links between them...

Internet Of Thingbots: The New Security Worry

Jeff Bertolucci | Information Week | April 30, 2014

Phishing and spam attacks involving Internet of Things devices are coming -- and app developers and device makers must be ready, says a CA Technologies exec.

Lessons To Be Learned From The Scariest Recent Open Source Vulnerabilities

Bill Ledingham | Open Source Delivers | October 29, 2014

'Tis the season for spooks and frights, but the last thing any enterprise wants to experience is the terror of security vulnerabilities. In the past six months, we’ve seen three damaging open source security bugs, two of which have potentially exposed hundreds of thousands of websites and hundreds of millions of computers, servers, and devices...

OpenID Connect May Usher In A New Era Of Federated Online Identity

Alex Howard | Tech Republic | May 15, 2014

OpenID Connect is designed to replace username/password authentication. The protocol, in use by Google and others, may solve governments' needs to authenticate users accessing digital services...

Preventing the Next Heartbleed and Making FOSS More Secure

David Wheeler is a long-time leader in advising and working with the U.S. government on issues related to open source software. His personal webpage is a frequently cited source on open standards, open source software, and computer security. David is leading a new project, the CII Best Practices Badging project, which is part of the Linux Foundation's Core Infrastructure Initiative (CII) for strengthening the security of open source software. In this interview he talks about what it means for both government and other users...

Security's Future Belongs To Open Source

Steven J. Vaughan-Nichols | ZDNet | May 20, 2014

It's really not a debate question, it's just the way it is. The world runs on Linux and open-source software...

Stop laying the blame for Heartbleed on open source

Simon Phipps | InfoWorld | April 14, 2014

Security experts acknowledge that open source is the best model for crypto, so how do we drive improvements to the model for creating security-critical infrastructure?

Tech Giants Back Initiative For Funding Crucial Open Source Projects

Zeljka Zorz | Help Net Security | April 24, 2014

The nonprofit Linux Foundation has announced the Core Infrastructure Initiative, a multi-million dollar project aimed at funding open source projects critical for the global information infrastructure, and a dozen big tech companies have joined it and will be providing the funds. Since the discovery of the OpenSSL Heartbleed bug some two weeks ago, the one positive thing brought forth by it is a better understanding of the limitations of open source software development.

Top 10 FOSS Legal Developments of 2014

The year 2014 continued the trend of the increasing importance of legal issues for the FOSS community. Continuing the tradition of looking back over the top ten legal developments in FOSS, my selection of the top ten issues for 2014 is as follows...
