“Prehistoric” bugs in dnsmasq strike Android, Linux and Google’s Kubernetes
Ancient open source bugs hit just about every device with a Linux kernel.
Ancient open source bugs hit just about every device with a Linux kernel.
Launches of numerous new security tools, from a range of vendors, suggested that we are in a time of strong security innovation. Some of that innovation is also coming from open-source vendors like security specialists Kustodian, who have eschewed commercial solutions and gone open source-only to improve their value proposition and target companies like SMEs, who struggle to boost security without a lot of money to spend.
David Braue | 09 Nov | Read more
Potentially saving the world from another online security disaster like last year's Heartbleed, Amazon Web Services has released as open source a cryptographic module for securing sensitive data passing over the Internet.
Joab Jackson | 01 Jul | Read more
Open-source software projects are often well intended, but security can take a back seat to making the code work.
Jeremy Kirk | 27 Mar | Read more
A group dedicated to averting another Heartbleed-style vulnerability is narrowing down a list of critical open source projects that will receive its funding and support.
Jeremy Kirk | 10 Feb | Read more
In today's world of agile software development and fast release cycles, developers increasingly rely on third-party libraries and components to get the job done. Since many of those libraries come from long-running, open-source projects, developers often assume they're getting well-written, bug-free code. They're wrong.
Lucian Constantin | 31 Dec | Read more
Security advisories for OpenSSL should not be used for competitive advantage, according to the development project behind the widely used cryptography component.
Jeremy Kirk | 09 Sep | Read more
The team at Mitro Labs, the developer of a password manager, is joining Twitter, and its software is being released under a free and open source license, Mitro said Thursday.
John Ribeiro | 01 Aug | Read more
The OpenSSL Project is planning a number of changes to ensure its security component, used across millions of computers across the Internet, is in tip-top shape.
Jeremy Kirk | 02 Jul | Read more
This year has been the best of times and the worst of times for open source code and security.
Maria Korolov | 02 Jul | Read more
The security of open source software relies on the community spotting errors -- but Heartbleed and other recent events suggest that that's not happening.
Paul Rubens | 13 Jun | Read more
OpenSSL is getting funded for two full-time developers and a security audit in an attempt to prevent another devastating bug like Heartbleed.
Jared Newman | 30 May | Read more
Hackers claiming to have found a critical flaw in a widely used open-source remote login software, OpenSSH, are likely bluffing, according to a developer affiliated with the project.
Jeremy Kirk | 06 May | Read more
When the OpenSSL Heartbleed bug surfaced earlier in April, many people were shocked to discover that one of the most critical pieces of online infrastructure was so poorly supported.
Computerworld offers a Tip of the Hat to The Register's Chris Williams for his insights on how a lack of oversight of open source technologies contributed to to the creation -- and the two-year spread -- of the Heartbleed bug.
Mike Bucken | 12 Apr | Read more