Ubuntu publisher, Samsung, Huawei join major open-source security initiative

Security has always been of utmost importance to the entire open source ecosystem.

Eric S. Raymond, one of the luminaries of the open source movement, in his famous essay, Cathedral and the Bazaar, wrote “given enough eyeballs, all bugs are shallow.” While still true, the complexity of software, and the increasing number of collaborators, puts an increasing onus on the eyeballs hunting for vulnerabilities.

In addition to well-defined security policies at a project level, virtually all of the top organisations that contribute to open source software have security initiatives of their own.

Open Source Security Foundation Announces Education Courses...

  • Open Source Security Foundation Announces Education Courses and Participation Initiatives to Advance its Commitment to Securing the World’s Software Infrastructure

    OpenSSF, a cross-industry collaboration to secure the open source ecosystem, today announced free training for developing secure software, a new OpenSSF professional certificate program called Secure Software Development Fundamentals and additional program and technical initiatives. It is also announcing new contributors to the Foundation and newly elected advisory council and governing board members.

    Open source software has become pervasive across industries, and ensuring its security is of primary importance. The OpenSSF, hosted at the Linux Foundation, provides a structured forum for a collaborative, cross-industry effort. The foundation is committed to working both upstream and with existing communities to advance open source security for all.

Microsoft Inside

  • OpenSSF and Linux Foundation offer 3 free courses on developing secure open source software - TechRepublic [Ed: OpenSSF already infiltrated and now headed by Microsoft (the NSA back doors giant), so Linux Foundation is a total farce]

    Open Source Security Foundation (OpenSSF), hosted at the Linux Foundation, announced on Thursday that it is offering free training for developing secure software as well as adding a new certification and providing program and technical initiatives.

    OpenSSF is a cross-industry collaboration to secure the open source ecosystem. Open source software is available across all industries and making sure it is secure is more important than ever before.

  • OpenSSF Introduces Free Courses On How To Develop Secure Software

    OpenSSF has also elected Kay Williams from Microsoft as Governing Board Chair. The election for the Security Community Individual Representative to the Governing Board is currently underway and results will be announced by OpenSSF in November.

    Ryan Haning from Microsoft has been elected Chair of the Technical Advisory Council (TAC).

  • Open Source Security Foundation launches a new certification program on edX

    One final note, the OpenSSF is incorporating the Core Infrastructure Initiative (CII) projects. CII has been working on securing older, popular open-source programs, which were not receiving enough funding. These programs include the CII Census, a quantitative analysis to identify critical OSS projects; CII Best Practices badge project; and the CII FOSS Contributor Survey, a quantitative survey of OSS developers. Both will become part of the OpenSSF Securing Critical Projects working group. These efforts will continue to be implemented by the Laboratory for Innovation Science at Harvard (LISH).

SUSE joins OpenSSF as Trustworthy Security Drives Innovation

  • SUSE joins OpenSSF as Trustworthy Security Drives Innovation

    Today, we’re proud to announce that SUSE has joined the Open Source Security Foundation (OpenSSF). As open source becomes the backbone of digital transformation, its security is ever more essential. In OpenSSF, the open source community collaborates on vulnerability disclosures and security tooling, and it creates best practices to keep all users of open source solutions safe.

Arduino joins the Open Source Security Foundation

  • Arduino joins the Open Source Security Foundation

    As an open-source project, Arduino has always considered security a top priority: making tools and products easy to use for our community has consistently been as important as making them secure.

    Today, we are excited to announce that Arduino has joined the Open Source Security Foundation (OpenSSF), the collaborative cross-industry effort to secure the open-source ecosystem.

    Hosted at the Linux Foundation, the OpenSSF brings together the efforts of the Core Infrastructure Initiative (CII) and GitHub’s Open Source Security Coalition and is committed to working both upstream and with existing communities to advance the security of open-source software. The foundation will initially include technical initiatives and working groups that will address vulnerability disclosures, security tooling, security best practices, and the identification of security threats to the open-source project.

More in Tux Machines

Assign Actions To Touchpad Gestures On Linux With Touchegg

The application runs in the background, transforming the multi-touch gestures you make on your touchpad into various desktop actions. For example, you can minimize a window by swiping down using 3 fingers, pinch in using 2 fingers to zoom in, etc.

Meet DevTerm: An Open Source Portable Linux Terminal For Developers

You may be familiar with Clockwork company, which earlier launched an open-source Linux-powered portable game console called GameShell for gamers. Now, they’re back with another new portable and modular device called DevTerm for developers, which you can easily carry along wherever you go.

Android Leftovers

today's leftovers

  • GPUOpen Software Updated For The Radeon RX 6000 Series - Phoronix

    AMD has updated their collection of software offered under their "GPUOpen" umbrella for Radeon RX 6000 series / RDNA 2 compatibility. The Radeon GPU Profiler, Radeon Memory Visualizer, and other software packages offered via GPUOpen have been updated with "Big Navi" RDNA2 support.

  • OctopusWAF: A Customizable Open-Source WAF for High Performance Applications

    Mainstream web application firewalls (WAFs) can be very difficult to understand, with thousands of lines of code and obscure plugins. This complexity makes it challenging for developers to modify code to block specific anomalies and secure their applications. But OctopusWAF is different - the open-source WAF is customizable, user-friendly and optimized for a large number of parallel connections - making it ideal for high performance Asynchronous JavaScript and XML (AJAX) applications.

  • ZLUDA: Drop-In Open-Source CUDA Support For Intel Xe / UHD Graphics

    An interesting solution built off Intel's oneAPI Level Zero is the open-source "ZLUDA" that is providing a "Level Zero CUDA" implementation for being able to run programs geared for NVIDIA CUDA atop Intel UHD / Xe Graphics hardware. ZLUDA is a project independent of NVIDIA and Intel but one of the most interesting external projects we have seen so far targeting Intel's Level Zero interface. ZLUDA allows for unmodified CUDA applications to run on Intel GPUs with "near native" performance through this alternative libcuda running with Skylake / Gen9 graphics and newer.

  • Portwell and Congatec spin Elkhart Lake modules in multiple form factors

    Portwell unveiled a “PQ7-M109” Qseven module with Intel’s Atom x-6000. Congatec recently announced x6000 modules in Qseven (Conga-QA7), SMARC (Conga-SA7), Mini Type 10 (Conga-MA7), and Compact Type 6 (Conga-TCA7) form factors. Portwell has announced the PQ7-M109, its first product based on Intel’s 10nm fabricated Elkhart Lake family of low-power system-on-chips, which includes several Atom x-6000, Celeron, and Pentium models. In September, in reporting on Congatec’s Elkhart Lake based Conga-PA7 Pico-ITX SBC, we promised to cover Congatec’s four Elkhart Lake compute modules in a separate report. Well, better late than ever: We briefly summarize Congatec’s Conga-QA7 (Qseven), Conga-SA7 (SMARC), and Conga-MA7 (COM Express Mini Type 10) and Conga-TCA7 (Compact Type-6) modules farther below.

  • Kubernetes and SUSE Enterprise Storage 7 - SUSE Communities

    Rook is a CNCF – the Cloud Native Compute Foundation (CNCF) hosts Kubernetes and related open source projects – graduated project which automates the installation, deployment and upgrade of Ceph. It takes care to launch and configure all Ceph components correctly, setup Ceph on storage devices and allows Kubernetes applications to use Ceph as storage – for block, file, and object storage. Deployment with Rook is like many other Kubernetes installation, you install Rook using a helm chart that you can configure, and then Kubernetes will do all the necessary steps to setup Ceph. You can also connect to the Ceph dashboard and see how your applications use storage. Once Rook is up, your containerized applications can use Ceph as persistent storage using the usual Kubernetes APIs like PersistentVolumeClaims (PVCs). Running Ceph with Rook on Kubernetes means that you have a smaller footprint overall instead of setting up a separate Ceph cluster and a Kubernetes cluster. Kubernetes will run applications and storage together in the same infrastructure. This is not advised for very large storage installations but a great option for a Kubernetes cluster that needs a smaller storage configuration. Depending on your use-cases and requirements, you can use dedicated storage nodes in your single cluster – and have dedicated application nodes – or use all your nodes for storage and applications.

  • Digest of YaST Development Sprint 113 | YaST

    Time flies and it has been already two weeks since our previous development report. On these special days, we keep being the YaST + Cockpit Team and we have news on both fronts. So let’s do a quick recap.

    Cockpit Modules

    Our Cockpit module to manage wicked keeps improving. Apart from several small enhancements, the module has now better error reporting and correctly manages those asynchronous operations that wicked takes some time to perform. In addition, we have improved the integration with a default Cockpit installation, ensuring the new module replaces the default network one (which relies on Network Manager) if both are installed. In the following days we will release RPM packages and a separate blog post to definitely present Cockpit Wicked to the world.

    On the other hand, we also have news about our Cockpit module to manage transactional updates. We are creating some early functional prototypes of the user interface to be used as a base for future development and discussions. You can check the details and several screenshots at the following pull requests: request#3, request#5.

  • Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies [Ed: They say almost nothing about the fact that you actually need to sabotage your GNU/Linux setup and have malware installed on it for this to become a risk. Microsoft propaganda at ZDNet set off this "Linux" FUD.]

    According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.