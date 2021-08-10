Security Leftovers
Security updates for Tuesday
Security updates have been issued by Debian (ffmpeg), Fedora (htmldoc, moby-engine, plantuml, and zchunk), Oracle (java-1.8.0-openjdk, java-17-openjdk, and kernel), Red Hat (java-1.8.0-openjdk), Scientific Linux (java-1.8.0-openjdk), SUSE (kernel, mutt, SUSE Manager Client Tools, and xen), and Ubuntu (barbican and git).
Homeland Security bug bounty program reveals 122 holes • The Register
The first bug bounty program by America's Homeland Security has led to the discovery and disclosure of 122 vulnerabilities, 27 of which were deemed critical.
In total, more than 450 security researchers participated in the Hack DHS program and identified weaknesses in "select" external Dept of Homeland Security (DHS) systems. At the end of the hack-a-thon, the department awarded these carefully vetted bug hunters $125,600 total for finding and disclosing the flaws, which is relatively cheap considering, for instance, Google has paid out millions for similar bugs. More cash is set to come from Homeland Security, we note.
"The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited," DHS Chief Information Officer Eric Hysen said in a statement.
Reproducible Builds: Supporter spotlight: Google Open Source Security Team (GOSST)
The Reproducible Builds project relies on several projects, supporters and sponsors for financial support, but they are also valued as ambassadors who spread the word about our project and the work that we do.
This is the fourth instalment in a series featuring the projects, companies and individuals who support the Reproducible Builds project. If you are a supporter of the Reproducible Builds project (of whatever size) and would like to be featured here, please let get in touch with us at contact@reproducible-builds.org.
