Date: 2022-06-15

The US military wants to understand the most important software on Earth
Now DARPA, the US military’s research arm, wants to understand the collision of code and community that makes these open-source projects work, in order to better understand the risks they face. The goal is to be able to effectively recognize malicious actors and prevent them from disrupting or corrupting crucially important open-source code before it’s too late. DARPA’s “SocialCyber” program is an 18-month-long, multimillion-dollar project that will combine sociology with recent technological advances in artificial intelligence to map, understand, and protect these massive open-source communities and the code they create. It’s different from most previous research because it combines automated analysis of both the code and the social dimensions of open-source software. “The open-source ecosystem is one of the grandest enterprises in human history,” says Sergey Bratus, the DARPA program manager behind the project.

Security Leftovers

My Favorite IT Security Event: Pass the SALT | Random thoughts of Peter 'CzP' Czanik
“Pass the SALT” (PTS) is a small IT security conference in Lille, France. It has fewer participants than speakers at the RSA conference. I gave talks at both events. RSA is a much more prestigious event, but I still prefer PTS. Why?

Easily Add Full-Disk Encryption to Linux with JumpCloud [Ed: Proprietary software invalidates any encryption in Linux]

Crypto-Gram, February 15th, 2003
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. In this issue, Random Notes on the SQL Slammer, The Importance of Authentication, and a nice analysis of Matt Blaze's door locks attack in Locks and Full Disclosure. "I'd rather have as much information as I can to make an informed decision about security. I'd rather have the information I need to pressure vendors to improve security. I don't want to live in a world where locksmiths can sell me a master key system that they know doesn't work or where the government can implement security measures without accountability.". . .

Security updates for Thursday
Security updates have been issued by Debian (request-tracker4), Fedora (kernel and vim), Mageia (gerbv, gnupg2, pgadmin4, and python-cookiecutter), Slackware (xorg), SUSE (cifs-utils, gmp, gnutls, libnettle, kernel, libsolv, libzypp, zypper, logrotate, openssl-1_1, opera, squid, and virglrenderer), and Ubuntu (ca-certificates, git, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-kvm, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-aws, linux-oem-5.14, and vim).

5 Tricky Container Security Challenges - Container Journal
Containerized environments can be relatively complex to secure, particularly for enterprise teams used to more traditional network security processes and strategies. There was initial optimism that containerized infrastructure would actually be more inherently secure because microservices are limited in function and can be hardened. The reality, though, has proved otherwise. Here are five reasons why securing container and Kubernetes environments requires new approaches that must diverge from—and go beyond—traditional security capabilities.