BlackHat USA, an annual cybersecurity conference with global attendance since 1997, is an essential forum for sharing cutting-edge security research and trends and for networking among IT and cybersecurity professionals. From its humble origins in Las Vegas in 1997 until today, this international event has drawn attendees from all around the globe. Security vulnerabilities are exposed, defensive strategies are articulated, and an overall pulse is taken on the digital security industry.
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024 Survey—Understanding Current Needs." This report highlights the urgent need for formalized training and education in secure software development. It was derived from an industry survey of nearly 400 software developers, which revealed significant knowledge gaps.
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity, we advocate switching from Windows to Linux as a symbolic act with deeper roots in terms of freedom, security, and privacy embodied by Linux.
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly critical. Apache SpamAssassin is an anti-spam framework we stand behind and have been using in Guardian Digital EnGarde Cloud Email Security for decades as a component of our email security solution to help detect fraudulent and malicious mail.
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This development aims to address the increasing cybersecurity threats individuals and organizations face.
At The Linux Foundation's Open Source Summit North America, Linus Torvalds, the creator of Linux, discussed various topics related to Linux development and the challenges the open-source community faces. Torvalds addressed hardware errors, malicious developers, and the hype surrounding Artificial Intelligence (AI).
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security enthusiasts, and sysadmins. The SPDX community, in collaboration with the Linux Foundation, has evolved the widely used Software Bill of Materials (SBOM) communication format with a comprehensive set of updates, introducing new features and enhancements tailored to modern system use cases.
A recent data breach incident disclosed by the OWASP Foundation due to a wiki misconfiguration highlights a critical concern for security practitioners, specifically Linux admins and infosec professionals. The breach exposed personal information from members who joined the foundation between 2006 and 2014.
The Southern California Linux Expo (SCALE) 21x is a massive community-run open-source and free software conference. This year's event showcased various workshops, presentations, and networking events.
Canonical has announced extending Ubuntu's long-term support (LTS) to 12 years, providing security coverage from the initial release. While regular LTS releases receive 5 years of standard security updates, subscribing to Ubuntu Pro adds 5 years.
Canonical, the parent company of Ubuntu Linux, has reached its 20th anniversary. To honor this monumental birthday, we'll delve into Canonical's history and impact on the Linux ecosystem.
In the world of cloud-native computing, security is paramount. The recent announcement by the Cloud Native Computing Foundation (CNCF) about the graduation of Falco, a cloud-native security tool, brings it to the forefront. Falco, described as the de facto Kubernetes threat detection engine, has gained significant traction among notable organizations like Booz Allen Hamilton, GitLab, Shopify, and many more.
The Linux Foundation recently published a report titled Maintainer Perspectives on Open Source Software Security, which provides valuable insights into the perspectives, practices, and challenges faced by OSS maintainers and core contributors regarding open-source software security. The report highlights the importance of utilizing software composition analysis (SCA) and static application security testing (SAST) tools in evaluating the security of OSS packages.
The Linux Foundation's 2023 Open Source Generative AI Report delves into the advancements and implications of generative Artificial Intelligence (AI). As Linux admins, infosec professionals, and Internet security enthusiasts, it is crucial for us to understand the impact this technology has on our field. Let's critically analyze the insights from the report and explore the long-term consequences.
The Rust Foundation will be developing a training and certification program to ensure that developers who use the language can create secure software. The training will include both online and in-person options and will be available in many different languages.
It's no secret that Linux is the most popular operating system in the world. It's also no secret that it's a very secure OS, but many things can go wrong. It's hard to keep up with all the patches and vulnerabilities, especially when you must patch tens of thousands of servers without downtime. But Meta has a system for doing so!
KubeCon + CloudNativeCon provided valuable insights for security teams supporting cloud-native development, including securing GenAI, platform engineering and supply chains.
Cloud has become synonymous with enterprise IT, but let’s not get ahead of ourselves. Though enterprises now spend roughly $545 billion annually on cloud infrastructure, according to IDC, and 41% of that spend goes to the top five cloud providers, the reality is that a substantial amount of money, even “cloud” money, isn’t being spent with the big hyperscalers.
The annual Ubuntu Summit is where Linux and open-source software lovers gather to see what’s new. This year it will take place in the beautiful city of Riga, Latvia, November 3 to 5. And guess what? Microsoft, the big name we usually associate with paid software, joined the movement. This new partnership aims for greater collaboration between major technology companies and open-source communities.
Today at DockerCon, Docker has announced the General Availability of Docker Scout. With the integration of Sysdig Runtime Insights, Docker Scout helps developers prioritize risk. This will significantly improve software supply chain security. Let's find out why.