Security Projects - Page 7
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Following the July disclosure of the Retbleed CPU security vulnerability affecting older processors and an AMD change made in August, here is a fresh look at the performance impact of the Retbleed mitigations on Linux, including when opting for the IBPB-based Retbleed mitigation, and the accumulated CPU security mitigation impact for Zen 2 with the flagship Ryzen 9 3950X processor.
A change queued up as part of the "x86/mm" TIP changes expected to land for Linux 6.1 will now have the default kernel configuration warn at kernel boot time about any W+X mappings that pose a security risk.
SOS.dev initiative will combat software supply chain attacks by encouraging researchers to suggest security improvements to key projects.
'Experimental mitigations' in a custom kernel could make life harder for hackers.
Cloud-based code hosting platform GitHub has announced that it will now start sending Dependabot alerts for vulnerable GitHub Actions to help developers fix security issues in CI/CD workflows.
Another big ticket feature has made it for the Linux 6.0 kernel: the Runtime Verification infrastructure for running Linux on safety-critical systems.
Emmabuntüs 1.02 is here almost seven months after Emmabuntüs 1.01 and it’s based on the Debian GNU/Linux 11.4 “Bullseye” release that arrived last month with 79 security updates and 81 miscellaneous bug fixes.
Linus Torvalds has announced the release and general availability of the Linux 5.19 kernel series as a major branch that brings more new features, improved hardware support, and lots of bug and security fixes.
Everyone knows the phrase “software is eating the world” by Marc Andreessen from over a decade ago. Software powers and touches nearly every aspect of modern society, both personally and professionally, and is critical to the modern economy and national security.
4,000 Google Titan security keys should help to protect critical Python projects from software supply chain attacks.
If you spent the early days of June fighting kernel panics in Ubuntu 20.04, you were not alone – and we now know why.
A "sched/fair" change for Linux 5.20 aims to enhance the efficiency when searching for an idle CPU under heavy system load. The change led by Intel should improve the kernel's efficiency when the system is overloaded but, as with most low-level tuning, does run the risk of regressions.
Last month Microsoft issued the first production release of CBL-Mariner 2.0, its in-house Linux distribution used for powering services from Microsoft Azure to WSL use-cases and more. CBL-Mariner 2.0 this weekend saw a rather large monthly update with a number of fixes, package updates, and new additions to this "Common Base Linux" platform.
Rust, the fast-growing systems programming language, may be merged into the Linux kernel next year, or “maybe the next release,” according to Linux creator Linus Torvalds.
There has been an interesting development in this month’s Linux Mint news segment regarding the future of the backup utility Timeshift, which has become a core part of the distro in recent years. It turns out that Tony George, the developer behind the project, doesn’t have time to work on Timeshift any longer and has agreed to let the Mint team take over. As part of the plans, Timeshift will now become an XApp, part of the suite of apps developed by the Mint team.
The Google Open Source Maintenance Crew will support under-resourced critical open-source products to fix security issues.
The financial services company's prototype system based on CNCF's software supply chain security guidelines joins OpenSSF's $150 million open source standards campaign.
The Open Source Software Security Foundation (OpenSSF), a project of the Linux Foundation, has come up with a 10-point plan to improve the safety of the software supply chain, costed at $147.9M over two years, though it relies in part on developers changing their behaviour to take more account of security issues.
The Google and OpenSSF Package Analysis project aims to reduce security risks created by developers' crazy package-updating schedules.
After a short delay, Linus Torvalds has announced the latest version of the Linux kernel, version 5.17, which adds major security enhancements.