Security Projects - Page 9
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Rust is creeping into the Linux kernel - which could mean a major step forward for Linux security.
The Rust for Linux project, sponsored by Google, has advanced with use of a beta Rust compiler (as opposed to a nightly build), testing ARM and RISC-V architecture support, new Rust abstractions, and more. Torvalds reckons 'it might be mergeable for 5.14'.
Scorecards 2.0 , Google's new open-source security software program, can quickly tell you just how secure - or insecure - open-source software really is.
Google recognizes that before you can understand something, you need to measure it, and is bringing a way to measure security errors across open-source software programs.
The Internet Security Research Group - backed by Google's financial support - has provided prominent developer Miguel Ojeda with a one-year contract to work on Rust in Linux and other security efforts full-time.
To tackle the growing threat of attacks on the software supply chain, Google has proposed the Supply chain Levels for Software Artifacts framework, or SLSA which is pronounced "salsa". Can Google's 'salsa' make life harder for supply chain attackers? Comment below - we want to hear what you think!
As the Linux Foundation's Zephyr Project celebrates its fifth anniversary, it has become apparent that addressing constrained device security challenges is more critical than ever. Luckily, the Zephyr Project is rising to meet these challenges. Learn how.
Cockpit is a beginner friendly web-based Linux server manager that lets you manage a remote Linux system through a browser window. With Cockpit, you can view system log entries, monitor network activity, start and stop services, and more! Learn more about this useful app and how to install it on Linux.
The Tails amnesic incognito live system (a.k.a. anonymous OS) has been updated to version 4.18, featuring a selection of bug fixes and improvements including Tor Browser 10.0.16 and updated Intel firmware.
A majority of the open source codebases found in commercial applications analyzed by Synopsys contained security vulnerabilities.
The first patches for Rust support in the Linux kernel have been posted and Linus Torvalds says that things are "getting to the point where maybe it might be mergeable for 5.14 or something like that". In Torvalds' opinion, the fact that these are being discussed is much more important than a long post by Google about the language.
Google's Android Team is backing an effort to introduce Rust as a second programming language in the Linux kernel in an effort to improve security.
Thanks to Asahi Linux, the Linux kernel will soon have initial support for Apple’s M1 chipset. This will likely arrive as part of the upcoming Linux 5.13 update.
Google is now paying developers more money to work on securing their Linux kernels - a gesture that may well be the start of the company’s bid to enforce a tighter grip on Open Source.
In an effort to improve security, Linux Mint has announced that it will inform users about important security updates - but not enforce them. Do you think Mint has made the right call?
Learn how to install SpiderFoot - an excellent open-source security scanner - to analyze vulnerabilities and malicious functions on Ubuntu Linux servers and assist in your pentesting endeavors in this tutorial.
Clem Lefebvre, head of the Linux Mint project, has written a blog post outlining new notifications that try not to be annoying but also remind users that they need to perform software updates to keep their computer secure. What are your thoughts?
Container security is tricky, but using the right tools and utilities can make things much easier - and greatly improve security! Here are 17 great open-source container security tools to consider adding to your arsenal.
I’m writing this post because I often hear that kernel exploitation is intimidating or difficult to learn. As a result, I’ve decided to start a series of basic bugs and exercises to get you started! Prerequisites Knowledge of the Linux command line Knowing how to read and write basic C may be beneficial Being able to debug with the help of a virtual computer or another system Able to install the kernel module compilation build requirements A basic understanding of the difference between userland and kernelland could be helpful Having a basic understanding of assembly can be beneficial for future episodes For this part, I wrote a simple Linux character device, /dev/shell. This driver will take two arguments, uid and cmd, and it will execute the cmd command as the specified uid. To understand how this driver works, I’ll explain a few things!
Linus Torvalds and Greg Kroah-Hartman have shared their thoughts with ZDNet's Steven J. Vaughan-Nichols about the possibility of new Linux kernel code being written in Rust—a high performance but memory-safe language sponsored by the Mozilla project.