-
+39 +3
Can open source be saved from the EU's Cyber Resilience Act?
The road to Hell is paved with good intentions, and for open source this is a well-meaning cluster fudge
-
+43 +2
Docker Scout Unveils Advanced Features to Bolster Software Supply Chain Integrity
Docker adds its own twist to software supply chain security.
-
+43 +6
Nasty bug discovered in widely used Linux utility curl, and patches already rolled out
Curl is built into and silently used in numerous Linux distributions. A nasty security hole within it has been revealed and patched.
-
+52 +7
Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever
The attack on Google Cloud was 7½ times larger than any previously recorded DDoS attack. Here's what else you need to know.
-
+44 +10
Ubuntu Linux 23.10 is adding an important new security feature
This has the potential to significantly improve Linux desktop and container security.
-
+50 +5
Thousands of Android devices come with unkillable backdoor preinstalled
Somehow, advanced Triada malware was added to devices before reaching resellers.
-
+51 +10
Patch now: This serious Linux vulnerability affects nearly all distributions
Qualys has discovered a nasty security hole, dubbed 'Looney Tunables', in the glibc C library. This means almost all Linux distributions have a bad security problem.
-
+44 +5
New cryptographic protocol aims to bolster open-source software security
The Linux Foundation, BastionZero, and Docker believe OpenPubkey bolsters zero-trust passwordless authentication.
-
+58 +7
Linux tries to dump Windows' notoriously insecure RNDIS protocol
Here we go again. Linux developers are trying, once more, to rid Linux of Microsoft's Remote Network Driver Interface Specification. Here's why it's complicated.
-
+50 +6
Chainguard's Wolfi: Revolutionizing Containerized Workloads with Rapid Updates and Robust Security
A Small Octopus and a Big Idea: How Wolfi Linux is Improving the Cloud’s Software Supply Chain Security.
-
+44 +6
Update NOW: OpenSSL 1.1.1's Shelf-Life Has Ended
The OpenSSL Project has announced that the long-term support version of OpenSSL 1.1.1 has come to the end of its lifecycle except for paying customers.
-
+41 +7
Now it's PostgreSQL's turn to have a bogus CVE
PostgreSQL and cURL aren't the only ones. Someone is faking security alerts for numerous open-source projects.
-
+36 +6
Australian Government, Of All Places, Says Age Verification Is A Privacy & Security Nightmare
In the past I’ve sometimes described Australia as the land where internet policy is completely upside down. Rather than having a system that protects intermediaries from liability for third party c…
-
+38 +5
Clouds vs cryptominers
It doesn't get the headlines of complete cloud failures, but criminal cryptominers such as TeamTNT quietly steal away your cloud resources every day.
-
+38 +3
Microsoft PowerShell Gallery Littered with Critical Vulnerabilities
It turns out Microsoft's PowerShell Gallery has the same kind of security problems that plague npm and PyPI.
-
+30 +5
CVE-2020-19909: A Controversial Vulnerability for cURL
Is the current CVE system too easily manipulated? Will it lead to inflated severity scores that do not reflect actual threats? A recent cURL vulnerability puts this question to the test.
-
+28 +2
U.S. Government Tackles Open Source, Memory-Safe Programming Security
The US government is paying more attention to open source software and memory-safe programming languages, and is requesting input from the private sector.
-
+35 +4
A New Take on Software Code Security: The Open Source Consumption Manifesto
Open source is a blessing. It's also a curse when we don't take its security seriously. Now, the OpenSSF wants us all to take a long, hard look at how we consume and secure open-source software.
-
+30 +7
Post-Quantum Resilience for Security Keys
We introduce a hybrid digital signature scheme based on two building blocks: a classically-secure scheme, ECDSA, and a post-quantum secure one, Dilithium. Our hybrid scheme maintains the guarantees of each underlying building block even if the other one is broken, thus being resistant to classical and quantum attacks.
-
+29 +3
The cloud is critical infrastructure – here's what that really means
Policy has not kept pace with how essential cloud computing has become to critical systems. Cloud attacks, such as SolarWinds, aren't the only threat as evidenced | The cloud isn't just important for business, it's become vital, which means danger to the cloud is a danger to all of us.