Security News

OpenSSF Launches Open Source Tool for Evaluating SAST Products
2020-12-09 19:06

The Open Source Security Foundation announced on Wednesday at the Black Hat Europe conference the availability of an open source tool designed for evaluating the ability of static analysis security testing products to detect vulnerabilities. The developers pointed out that less than 200 lines of code are typically required to create a new security tool integration, and they believe it can be easily integrated with not only open source tools, but also commercial products.

Open-source developers say securing their code is a soul-withering waste of time
2020-12-09 14:52

A new survey of the free and open-source software community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this. A report based on the answers of nearly 1,200 FOSS contributors carried out by the Linux Foundation and Laboratory for Innovation Science at Harvard highlighted a "Clear need" for developers to dedicate more time to the security of FOSS projects as businesses and economies become increasingly reliant on open-source software.

Open source contributors spending no time on security
2020-12-09 05:00

The Linux Foundation's Open Source Security Foundation and the Laboratory for Innovation Science at Harvard announced the release of a report which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software. Census II identified the most commonly used free and open source software components in production applications, while the survey and report shares findings directly from nearly 1,200 respondents working on them and other FOSS software.

Linux Foundation debuts new, secure, open source cloud native access management software platform
2020-12-08 16:00

Today, the Linux Foundation announced a cloud-native identity and access management software platform that prioritizes security and performance, the Janssen Project, which is based on the Gluu server and features signing and encryption functionalities. The Linux Foundation, a nonprofit organization enabling innovation through open source, also announced the Janssen Project Technical Steering Committee, which is comprised of engineers from IDEMIA, F5, BioID, Couchbase, and Gluu.

Open Source Does Not Equal Secure
2020-12-03 17:21

GitHub launched a deep-dive into the state of open source security, comparing information gathered from the organization's dependency security features and the six package ecosystems supported on the platform across October 1, 2019, to September 30, 2020, and October 1, 2018, to September 30, 2019. In comparison to 2019, GitHub found that 94% of projects now rely on open source components, with close to 700 dependencies on average.

Open source vulnerabilities go undetected for over four years
2020-12-03 11:58

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security and developers' practices regarding vulnerability reporting, alerting and remediation. The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed.

Open Source Tool Helps Secure Siemens PCS 7 Control Systems
2020-12-03 11:57

Industrial cybersecurity company OTORIO has released an open source tool designed to help organizations harden Siemens' SIMATIC PCS 7 distributed control systems. According to the cybersecurity firm, the script is designed to assess the security configuration of the SIMATIC PCS 7 OS client, OS server and engineering station.

Financial services lead when it comes to fixing open source flaws
2020-11-20 04:00

The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.

AWS includes open-source Suricata for stateful inspection with Network Firewall service
2020-11-19 19:10

The Firewall Manager is a centralised service for configuring firewalls across accounts and applications within an AWS user organisation, this being a way of managing multiple AWS accounts. The new AWS Network Firewall moves beyond the existing services by adding more intelligent rules using the open-source Suricata project for intrusion detection.

Linux and open source: The biggest issue in 2020
2020-11-18 17:00

See what Jack Wallen considers to be the biggest issue for Linux in 2020. Enterprise-level companies embraced open source software even further, containers and the cloud became even more crucial to both businesses and consumers, the Linux community found a larger piece of the support pie from large manufacturers like Microsoft, and distributions continued to wow.