Security and privacy

How I learned the hard way to keep my website updated

dboth — Wed, 05 Apr 2023 07:00:00 +0000

How I learned the hard way to keep my website updated dboth Wed, 04/05/2023 - 03:00

My mistake was a good learning experience for me and a reminder that I must not become complacent.

A few days ago, I received an email from a reader of one of my books. Among other things, he said that he was having trouble getting to one of the websites I'd referenced in…

Assess security risks in your open source project with Scorecard

snaveen — Tue, 21 Mar 2023 07:00:00 +0000

Assess security risks in your open source project with Scorecard snaveen Tue, 03/21/2023 - 03:00

OpenSSF Scorecard helps to ensure your open source software is safe and reliable.

Software supply chain attacks are becoming increasingly common, and attackers are targeting vulnerabilities in dependencies early in the supply chain to amplify the impact of…

3 predictions for open source in confidential computing

Dpal — Mon, 23 Jan 2023 08:00:00 +0000

3 predictions for open source in confidential computing Dpal Mon, 01/23/2023 - 03:00

Confidential computing is becoming more widely known by security and developer communities. Look out for these key trends in 2023.

It's a new year, which means it's time to predict what the next year will bring regarding future tech trends. After guessing the World Cup champion, I feel confident sharing…

A new generation of tools for open source vulnerability management

vdanen — Fri, 16 Dec 2022 08:00:00 +0000

A new generation of tools for open source vulnerability management vdanen Fri, 12/16/2022 - 03:00

Product security incident response teams require a unique set of tools for the discovery and remediation of a vulnerability or security defect. Open source is the solution.

Product security incident response teams (PSIRTs) are teams of security professionals that work diligently behind the scenes to protect software products and services of…

How to address challenges with community metrics

GeorgLink — Wed, 16 Nov 2022 08:00:00 +0000

How to address challenges with community metrics GeorgLink Wed, 11/16/2022 - 03:00

Consider this advice for addressing the organizational and technical challenges of implementing community health metrics for your own community.

The previous two articles in this series looked at open source community health and the metrics used to understand it. They showed examples of how open source communities have…

egaleano

Dynamically update TLS certificates in a Golang server without downtime

Savita Ashture — Thu, 06 Oct 2022 07:00:00 +0000

Dynamically update TLS certificates in a Golang server without downtime Savita Ashture Thu, 10/06/2022 - 03:00

Configuring an HTTPS server for automatically updated certificates is not as hard as you might think.

Transport Layer Security (TLS) is a cryptographic protocol based on SSLv3 designed to encrypt and decrypt traffic between two sites. In other words, TLS ensures that you're…

OpenSSF: on a mission to improve security of open source software

gkamathe — Mon, 26 Sep 2022 07:00:00 +0000

OpenSSF: on a mission to improve security of open source software gkamathe Mon, 09/26/2022 - 03:00

Developers, businesses, and government agencies are working together to ensure the security of open source software, and you can join them.

Open source software (OSS), once a niche segment of the development landscape, is now ubiquitous. This growth is fantastic for the open source community. However, as the usage…

Security buzzwords to avoid and what to say instead

sethkenlon — Tue, 20 Sep 2022 07:00:00 +0000

Security buzzwords to avoid and what to say instead sethkenlon Tue, 09/20/2022 - 03:00

Consider these thoughtful approaches to define what security really means in your open source project.

Technology is a little famous for coming up with "buzzwords." Other industries do it, too, of course. "Story-driven" and "rules light" tabletop games are a big thing right now…

3 steps to protect your home network

sethkenlon — Wed, 14 Sep 2022 07:00:00 +0000

3 steps to protect your home network sethkenlon Wed, 09/14/2022 - 03:00

Who has access to your home network? With the Internet of Things (IoT) commonplace, there are sometimes more services running on your home network than you realize. Protect it…

The typical setup for Internet connectivity today is for your home to have a router, usually a little physical box located somewhere in your house, that acts as a gateway to…

How Tracee solves the lack of BTF information

alegrey91 — Thu, 01 Sep 2022 07:00:00 +0000

How Tracee solves the lack of BTF information alegrey91 Thu, 09/01/2022 - 03:00

By tracing processes using Linux eBPF (Berkeley packet filter) technology, Tracee can correlate collected information and identify malicious behavioral patterns.

Tracee is a project by Aqua Security for tracing processes at runtime. By tracing processes using Linux eBPF (Berkeley packet filter) technology, Tracee can correlate…

maxgio92