Topic: heartbleed

Going to school on open-source security

Open-source software forms the backbone of most modern applications. According to the 2018 Black Duck by Synopsys Open Source Security and Risk Analysis Report, 96 percent of the 1,100 commercial applications that the company audited for the survey contained open-source components, with each application containing an average of 257 open-source components. In addition, on average, … continue reading

Core Infrastructure Initiative celebrates three years with new structure and more strategy

It has been three years since the Heartbleed bug plagued the Internet, and the Linux Foundation’s Core Infrastructure Initiative (CII) was formed. As the organization embarks on the next three years, it is making new structure funding decisions, and hoping to do “less fire-fighting” and “more strategizing.” The CII is introducing new membership levels; a … continue reading

Guest View: The perils of open-source software security

Almost every modern business and application uses open-source modules. It’s misleading to spend time distinguishing between open-source and proprietary software, because modern applications include third-party software components. Many of those components are open source, and very few companies have a solid understanding of the security vulnerabilities that come with the code. The reach and impact … continue reading

Nmap 7 is released

The quintessential open-source network mapper, Nmap, was updated to version 7 yesterday. This version includes mature IPv6 support and expanded capabilities for its scripting engine. The biggest draw for security-wary developers and admins alike, however, may be the top-shelf SSL/TLS scanning. With SSL and TLS vulnerable to so many different attacks discovered over the past … continue reading

OpenSSL to undergo massive security audit

Now that its codebase is finally viewed as stable, OpenSSL is getting a good top-to-bottom once-over in the form of a sweeping audit. It’s been close to a year since the Heartbleed bug sent the Internet into a frenzy over security. It spurred the software industry to rally behind OpenSSL—sending in more developers, revamping the … continue reading

The year security was on everyone’s mind

Every year there are a number of vulnerabilities exposed and exploited, but 2014 was bad in terms of software security. In the beginning of the year, Cenzic revealed the latest results from its 2014 Application Vulnerability Trends report and found that a majority of apps have at least one security vulnerability; but it wouldn’t be … continue reading

2014: Into the breach

Software vulnerabilities have existed for as long as there has been software. Organizations and their developers have been locked in a cat-and-mouse game with the legion of hackers looking to steal data. Every time one breach is fixed, another is exploited, and ‘round and ‘round it goes. So, after Julian Assange and WikiLeaks, Edward Snowden, … continue reading

SD Times news digest: Sept. 26, 2014—Detecting Shellshock, and Google’s developer survey

Have you been Shellshocked? A new website has launched for users to test if their systems have been affected by the Bash vulnerability known as Shellshock. Shellshock is said to pose a bigger threat than OpenSSL’s Heartbleed bug, according to security researchers. “If your system has not updated bash in the last 24 hours, you’re … continue reading

OpenSSL unveils first security policy

The development team behind the OpenSSL open-source encryption toolkit has released its first official security policy, laying out its internal security protocols and plans to pre-notify organizations implementing OpenSSL about impending updates and security fixes. The OpenSSL pre-notification policy will allow notices to be sent out over the OpenSSL mailing list and on the homepage … continue reading

OpenSSL issues nine software fixes for encryption scheme

The popular OpenSSL encryption scheme underlying much of the Web’s security protocols is finally turning a corner. With Heartbleed now well behind it, the open-source SSL/TLS security protocol released a project road map laying out its short- and long-term goals, and it has issued nine security fixes to the encryption scheme. In a Security Advisory, … continue reading

From the Editors: Be the secure manager

It’s a mess out there. OpenSSL was compromised. The U.S. government is in your database. Cats and dogs living together; mass hysteria! But there is a solution. You, as a software development manager, hold the keys to making sure your software is secure. You hold the keys to making sure your infrastructure is secure. You … continue reading

Security is front and center for developers

When it was announced on June 8 that OpenSSL was vulnerable to a dangerous new attack that could reveal security certificates to an attacker, the Internet spent a few days in panic mode. Thousands, if not millions, of sites used (and still use) OpenSSL, and the fix for the problem took a few days to … continue reading
