OpenSSL
See the following -
A Primer on the Open Source Movement from a Health Care Perspective
Open source, in myriad forms, has emerged as a significant development model that drives both innovation and technological dispersion. Ignore it at your peril, as did the major computer companies destroyed or totally remade by Linux and free software, or encyclopedia publishers by Wikipedia, or journalists and marketers by social media. The term "open source" was associated first with free software, but it goes far beyond software now. People around the world use open hardware, demand open government, share open data, and--yes--pursue open health. The field of health, in particular, will be transformed by open source principles in software, in research, in consultations and telemedicine, and in the various forms of data sharing all these processes call for.
Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware And The Linux Foundation Form New Initiative To Support Critical Open Source Projects
The Linux Foundation today announced it has formed a new project to fund and support critical elements of the global information infrastructure. The Core Infrastructure Initiative enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful.
Another Heartbleed-Style OpenSSL Vulnerability Discovered
Just a few months after Heartbleed was discovered and (thankfully) resolved, another OpenSSL bug is haunting web encryption. The new bug, an SSL/TLS MITM vulnerability, was posted by the OpenSSL group in a formal advisory on Thursday...
As Open Source Goes Mainstream, Institutions Collaborate Differently
18F has quietly become the bleeding edge of the US federal government's adoption of open source software. Read about the benefits and challenges of open source going mainstream...
Heartbleed Superbug Found In Utility Monitoring Systems
Software that monitors utility plants and other operations at several military installations has been found to be affected by the recently discovered superbug Heartbleed, when configured a certain way, according to the Homeland Security Department and the software’s manufacturer...
Heartbleed, an Apache License Business Model Failure?
The two-year-old Heartbleed bug that was recently discovered in OpenSSL and that affects millions of internet users reveals a similar problem that could have a serious impact on the way we look at open source software. Companies such as Cisco have built expensive applications on top of OpenSSL. Security consultants have been paid good money to guarantee that OpenSSL was safe. But the OpenSSL project itself was driven by a core of only four unpaid volunteers. The German engineer Robin Seggelmann is now taking the blame for the error. His code was verified by Dr. Stephen Henson, who overlooked the bug. It would be unfair to blame these two individuals for the problems caused by Heartbleed. They made two mistakes. The second mistake was a minor error in their code. Although this error took huge proportions, they should be forgiven for that error. Their first mistake was their choice to make their code available under the Apache Software License. That mistake is more problematic.
How to Use Libraries.io Data from Millions of Open Source Projects
What if we applied the techniques Google applied to index the internet back in 1998 to the world of open source software? That's exactly the thought Andrew Nesbitt had in 2014 which led to the creation of Libraries.io, an open source project for indexing other open source projects. This month Libraries.io released metadata on over 25 million open source projects. You can download it right now from Zenodo, but what can you do with it? To understand what is contained within this dataset, I'll take a quick look at how it's collected. Everything in Libraries.io begins with package managers. We index project metadata from 33 package managers, filling in gaps from their source repositories where we can. We parse project manifests—a gemfile, package.json, or similar—that includes code from other projects and stores the links between them...
Internet Of Thingbots: The New Security Worry
Phishing and spam attacks involving Internet of Things devices are coming -- and app developers and device makers must be ready, says a CA Technologies exec.
Lessons To Be Learned From The Scariest Recent Open Source Vulnerabilities
'Tis the season for spooks and frights, but the last thing any enterprise wants to experience is the terror of security vulnerabilities. In the past six months, we’ve seen three damaging open source security bugs, two of which have potentially exposed hundreds of thousands of websites and hundreds of millions of computers, servers, and devices...
OpenID Connect May Usher In A New Era Of Federated Online Identity
OpenID Connect is designed to replace username/password authentication. The protocol, in use by Google and others, may solve governments' needs to authenticate users accessing digital services...
Preventing the Next Heartbleed and Making FOSS More Secure
David Wheeler is a long-time leader in advising and working with the U.S. government on issues related to open source software. His personal webpage is a frequently cited source on open standards, open source software, and computer security. David is leading a new project, the CII Best Practices Badging project, which is part of the Linux Foundation's Core Infrastructure Initiative (CII) for strengthening the security of open source software. In this interview he talks about what it means for both government and other users...
Security's Future Belongs To Open Source
It's really not a debate question, it's just the way it is. The world runs on Linux and open-source software...
Stop laying the blame for Heartbleed on open source
Security experts acknowledge that open source is the best model for crypto, so how do we drive improvements to the model for creating security-critical infrastructure?
Tech Giants Back Initiative For Funding Crucial Open Source Projects
The nonprofit Linux Foundation has announced the Core Infrastructure Initiative, a multi-million dollar project aimed at funding open source projects critical for the global information infrastructure, and a dozen big tech companies have joined it and will be providing the funds. Since the discovery of the OpenSSL Heartbleed bug some two weeks ago, the one positive thing brought forth by it is a better understanding of the limitations of open source software development.
Top 10 FOSS Legal Developments of 2014
The year 2014 continued the trend of the increasing importance of legal issues for the FOSS community. Continuing the tradition of looking back over the top ten legal developments in FOSS, my selection of the top ten issues for 2014 is as follows...