Microsoft Joins Open Source Security Foundation
Microsoft has invested in the security of open source software for many years and today I’m excited to share that Microsoft is joining industry partners to create the Open Source Security Foundation (OpenSSF), a new cross-industry collaboration hosted at the Linux Foundation. The OpenSSF brings...
Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure
Bruce Schneier talks to Mike Mimoso about information he was given regarding an increase in DDoS and probing attacks targeting companies running core internet infrastructure in an attempt to test their defenses. For some additional context about this conversation, read an article by Schneier on...
Linux Foundation Badge Program Boost Open Source Security
The Linux Foundation says a new Core Infrastructure Initiative (CII) Best Practices Badge program launched Tuesday will help companies interested in adopting open source technologies evaluate projects based on security, quality and stability. The CII Best Practices Badge does not issue certificates...
The NTP daemon has a number of vulnerabilities that need fixing - vulnerability warning - the black bar safety net
Cisco has submitted a number of Network Time Protocol daemon vulnerabilities to the Linux Foundation's Core Infrastructure Initiative. They can allow an attacker to forge a UDP packet, causing a denial of service, or prevent the correct time from being set. Cisco's Talos security intelligence and...
Census Project Identifies Open Source Projects at Risk
Heartbleed may have brought on a major case of heartburn last April for system admins worldwide, but a positive offshoot of the biggest of the Internet-wide bugs was that it opened a lot of eyes to the lack of support afforded even ubiquitous open source software projects. Shortly after Heartblee...
OpenSSL to Patch High Severity Vulnerability this Week
The OpenSSL Foundation is set to release a handful of patches for undisclosed security vulnerabilities in its widely used open source software later this week, including one that has been rated "high" severity. In a mailing list note published last night, Matt Caswell of the OpenSSL Project Team...
OpenSSL Security Audit Ready to Start
Funding from the Core Infrastructure Initiative has helped the maintainers of OpenSSL, one of the Internet’s most-deployed pieces of open source software, begin to get the crypto implementation on its feet. Despite its ubiquity, OpenSSL has historically been under-funded and under-resourced, thou...
Google Announces its BoringSSL OpenSSL Fork
In the year-plus since surveillance, privacy and Snowden became part of the daily security conversation, technologies that safeguard online communication and commerce have become Job 1 for experts anxious to plug gaping flaws and shore up other usability deficiencies. OpenSSL is probably at the t...
Google Unveils BoringSSL, Another Flavor of OpenSSL
The open source encryption protocol, OpenSSL, which is used by several social networks, search engines, banks and other websites to enable secure connections while transmitting data, came to everybody's attention following the Heartbleed vulnerability, a critical bug in the OpenSSL's implementati...
OpenSSL issued a warning: a vulnerability that has existed for 10 years may be used by hackers for "man in the middle" attacks - vulnerability warning - the black bar safety net
On Thursday, the OpenSSL Foundation issued a warning that a vulnerability that has existed for 10 years could allow hackers to launch "man in the middle" attacks on traffic encrypted with OpenSSL. Information security experts are still trying to solve the OpenSSL encryption...
OpenSSL Receives Funding for Developers, Will Undergo Security Audit
Scarcely a month after announcing the formation of a group designed to help fund open source projects, the Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit...
Group Backed by Google, Microsoft and Others to Help Fund OpenSSL and Other Open Source Projects
After the dust had started to settle in the wake of the OpenSSL Heartbleed vulnerability earlier this month, one of the common sentiments that emerged was that the small group developing and maintaining the software needed some help. And money. And resources. But mostly money. Now, the OpenSSL...
Google to Pay Rewards For Patches to Open Source Projects
Google, one of the first companies to offer a significant bug bounty program, is extending its rewards to researchers and developers who contribute patches to a variety of open source projects and have an effect on the security of the project. The new rewards will range from $500 to $3,133.70, an...