Security News

The Open Source Security Foundation announced on Wednesday at the Black Hat Europe conference the availability of an open source tool designed for evaluating the ability of static analysis security testing products to detect vulnerabilities. The developers pointed out that less than 200 lines of code are typically required to create a new security tool integration, and they believe it can be easily integrated with not only open source tools, but also commercial products.

A new survey of the free and open-source software community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this. A report based on the answers of nearly 1,200 FOSS contributors carried out by the Linux Foundation and Laboratory for Innovation Science at Harvard highlighted a "Clear need" for developers to dedicate more time to the security of FOSS projects as businesses and economies become increasingly reliant on open-source software.

The Linux Foundation's Open Source Security Foundation and the Laboratory for Innovation Science at Harvard announced the release of a report which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software. Census II identified the most commonly used free and open source software components in production applications, while the survey and report shares findings directly from nearly 1,200 respondents working on them and other FOSS software.

Today, the Linux Foundation announced a cloud-native identity and access management software platform that prioritizes security and performance, the Janssen Project, which is based on the Gluu server and features signing and encryption functionalities. The Linux Foundation, a nonprofit organization enabling innovation through open source, also announced the Janssen Project Technical Steering Committee, which is comprised of engineers from IDEMIA, F5, BioID, Couchbase, and Gluu.

GitHub launched a deep-dive into the state of open source security, comparing information gathered from the organization's dependency security features and the six package ecosystems supported on the platform across October 1, 2019, to September 30, 2020, and October 1, 2018, to September 30, 2019. In comparison to 2019, GitHub found that 94% of projects now rely on open source components, with close to 700 dependencies on average.

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security and developers' practices regarding vulnerability reporting, alerting and remediation. The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed.

Industrial cybersecurity company OTORIO has released an open source tool designed to help organizations harden Siemens' SIMATIC PCS 7 distributed control systems. According to the cybersecurity firm, the script is designed to assess the security configuration of the SIMATIC PCS 7 OS client, OS server and engineering station.

The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.

The Firewall Manager is a centralised service for configuring firewalls across accounts and applications within an AWS user organisation, this being a way of managing multiple AWS accounts. The new AWS Network Firewall moves beyond the existing services by adding more intelligent rules using the open-source Suricata project for intrusion detection.

See what Jack Wallen considers to be the biggest issue for Linux in 2020. Enterprise-level companies embraced open source software even further, containers and the cloud became even more crucial to both businesses and consumers, the Linux community found a larger piece of the support pie from large manufacturers like Microsoft, and distributions continued to wow.