Top FOSS security vulnerabilities

Filed under
Security

Palamida, the San Francisco company that helps companies audit their use of open source software, has released a list of what it calls "the top five most overlooked open source vulnerabilities." Palamida has added five more vulnerabilities to this list exclusively for Linux.com.

The list is partly a promotion of Palamida's Vulnerability Reporting Solution, which recently added 431 security alerts based on National Vulnerability Database listings. However, the list is also designed to draw attention to the lax practices surrounding the use of open source software in business, according to Theresa Bui, co-founder and vice president of marketing at Palamida.

To be precise, the vulnerabilities on the list are based on Palamida's audits of its clients. These audits vary from scans of a few hundred megabytes of code to hundreds of gigabytes in a company's complete software infrastructure. The list summarizes the results of scanning 3-5 million lines of code, representing a minimum of 30% of a company's software assets and, more often, at least 50%.
