The Linux Foundation aims to improve open source software security


Open source software has become commonplace in all sorts of environments. But its very nature means that those responsible for their users' or organization's security need to be able to understand and verify its security.

Today The Linux Foundation is announcing the formation of the Open Source Security Foundation (OpenSSF). This is a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices.


Open source darling Microsoft becomes Blender Development Fund member


Whenever I call Microsoft an open source champion or leader, the Linux fanboys come out in droves to tell me I am wrong. Unfortunately for them, I am extremely correct on the subject. Look, I get it, Microsoft was hostile towards both the open source and Linux communities years ago, but things change. The Windows-maker contributes to countless open source projects while also providing Linux programs, such as Procman. It is time for the open source and Linux communities to soften their stance on the company -- Microsoft is not your enemy!

Today, Microsoft proves once again that it is a friend of the open source community. You see, the storied company has become a Corporate Gold member of the Blender Development Fund. What does that mean? Essentially, Microsoft has handed over some of its money to help the development of popular open source program Blender -- free software for 3D creators.


New Chrome extension provides security check on open source code


Developers frequently make use of open source components in order to speed up projects and save them having to reinvent tasks. But this can lead to the introduction of hidden security risks.

Now, though, open source marketplace xs:code is launching a new, free Chrome extension, xs:code Insights, which provides users with intuitive, in-depth analytics on open source repositories, including repository score, security analysis, maintenance and activity status, reviews, ratings and more.


New security platform traces end-to-end cloud app activity


Using complex cloud applications built with microservices and APIs can often expose business logic that threat actors use to infiltrate applications and private data.

A new application security company Traceable is launching today with a platform that traces end-to-end application activity from the user and session all the way through the application code. Traceable's TraceAI machine learning and distributed tracing technology analyzes data to learn normal application behavior and detect any activity that deviates from the norm.


System76 Oryx Pro Linux laptop gets Intel Core i7-10875H CPU and Open Firmware


We recently told you that the thin and light Dell XPS 13 Developer Edition has finally started shipping with Ubuntu 20.04 LTS. While that is certainly cool, the reality is, Linux-focused companies like System76 were shipping out computers with the newest Ubuntu LTS pre-installed way before that. In fact, System76 even offers the option of its own operating system that is based on Ubuntu 20.04. Called "Pop!_OS," the Linux distribution adds many beneficial tweaks and enhancements to improve the overall user experience.

Today, System76 refreshes its popular Oryx Pro laptop, and you can choose between Ubuntu 20.04 and Pop!_OS 20.04 (I would recommend the latter). The powerful notebook (with 15.6-inch or 17.3-inch display options) now comes with a cutting-edge 10th Gen Intel Core i7-10875H CPU which offers an impressive 8 cores and 16 threads. You also get an NVIDIA RTX 20-series GPU which can work in conjunction with the Intel graphics thanks to the smart graphic-switching capabilities baked into Pop!_OS.


Identifying the security risks and rewards of open source software deployments


Open source components are now at the core of many applications and a good deal of infrastructure. But what implications does this have for security?

The Information Security Forum has released a new paper, Deploying Open Source Software: Challenges and Rewards, to help security professionals recognize the benefits and perceived challenges of using open source and set up a program of protective measures to effectively manage it.


The impact of open source on security [Q&A]


Open source software is commonly used to save time as it means developers don't end up repeating the same things over and over.

One of the key things about open source is that the source code is open to examination by everyone. In security terms this means it's open to both the attackers and defenders.


Open source vulnerabilities doubled in 2019


Open source code allows developers to quickly integrate new capabilities into applications without having to reinvent the wheel, but it doesn't come without hazards.

A new report from RiskSense provides in-depth findings on vulnerabilities in leading open source software (OSS), including the most weaponized weaknesses, which software is most at risk, and the top types of attacks.


Apple has a new open source project to help improve password security


Apple has launched a new open source project designed to promote collaboration between the developers of password management software to help improve security for users.

The Password Manager Resources project has been created to make it easier for the developers of password managers to work together to ensure interoperability with websites, and to create a better experience for users. The aim is to integrate the strong password generating capabilities of the iCloud Keychain platform into password management apps.


IBM launches innovative encryption toolkit for MacOS and iOS


Usually files are encrypted while in storage or in transit but are decrypted in order to be used, providing a window of opportunity for hackers to access the information.

The technique of fully homomorphic encryption (FHE) solves this problem by allowing the manipulation of data by permissioned parties while it remains encrypted, therefore minimizing the time it exists in its most vulnerable state.


IBM fairness toolkit aims to eliminate bias in data sets


IBM is announcing changes to its AI Fairness 360 toolkit to increase its functionality and make it available to a wide range of developers.

AIF360 is an open source toolkit that contains over 70 fairness metrics and 11 state-of-the-art bias mitigation algorithms developed by the research community to help examine, report, and mitigate discrimination and bias in machine learning models throughout the AI application lifecycle.


Microsoft finally gives credit to AppGet for inspiring its WinGet package manager


When Microsoft launched its Linux-style package manager WinGet, there were immediate comparisons to the rival tool AppGet. While AppGet is an open source project, developer Keivan Beigi was unhappy that Microsoft had essentially copied much of his work, and failed to give him credit.

His accusations were not without basis, as he had met with a Microsoft manager to discuss "how we can make your life easier building appget". Now Microsoft has conceded that it did not credit the influence and work of Beigi, and has taken steps to remedy this.


Microsoft launches Linux-style Windows Package Manager Preview


Microsoft may be hosting its Build developer conference virtually this year, but this doesn't mean there's anything less than normal being unveiled. Among the announcements and launches is the first preview of the Windows Package Manager.

The open source tool has been created to make it easier to install software, automating and speeding up the process. If you've used a package manager in a Linux distro, the idea is very similar, and Microsoft acknowledge that it is something Windows devs have been asking for for some time.


Open source security flaws found in 70 percent of applications


New research from application security specialist Veracode finds seven in 10 applications have a security flaw in an open source library on initial scan, highlighting how use of open source can introduce flaws, increase risk, and add to security debt.

The study analyzed the component open source libraries across the Veracode platform database of 85,000 applications, accounting for 351,000 unique external libraries. Nearly all modern applications, including those sold commercially, are built using some open source components.


IBM uses the power of Watson to automate IT operations


Normally at this time of year IBM's annual Think conference would be getting underway. This year's event is, of course, being held digitally and has kicked off with some new announcements.

The first is the unveiling of IBM Watson AIOps, a new offering that uses AI to automate how enterprises self-detect, diagnose and respond to IT anomalies in real time.
