security

Consume open source responsibly

open source business

It’s been a while since I started to talk to people in the financial services ecosystem about our approach towards open source. At first, most of them, thinking we were either bold, ahead of our time, or mad, would listen to our story but would not really comment: "Let’s see where it goes" or "good luck with your brave intentions." Only after we started to show progress with the delivery of the FinTP Project did people start to look seriously at what we were doing. That's when FinTP started to stir up interest and we got many inquiries about the project.

I’ve already shared the most common questions, like: Why do we do it? Why should we join?

Open source under the hood of the U.S. electrical grid

open innovation

The United States energy grid is composed of many moving and non-moving cyber security assets that all have to, to some degree, speak the same language. The language of machine-to-machine communications has become big business lately; however, devices that control how the power gets from the plant to your light switch have been talking their talk for many years.

Beware of security vulnerabilities: What you don't know can come back to haunt you

security vulnerabilities

With all the benefits of open source, improper management of its use may result in substantial legal, business, and technical risks. Most research and design managers know that they have to manage open source licenses, but not many are monitoring for security vulnerabilities and other bugs in open source libraries they use.

Do you know the importance of monitoring open source for vulnerabilities before, during, and after using it?


Do cloud right: Four critical steps to selecting the provider for you

cloud services and providers

When Edward Snowden leaked intelligence files, a storm was triggered in the cloud, leaving a path of destruction. Snowden’s email provider Lavabit shut down. So has the email offering of Silent Circle. The Guardian ran a story declaring: Lavabit’s closure marks the death of secure cloud computing in the U.S. And the EU is not entirely unaffected either, be it by the Tempora program in the UK or the U.S. National Security Agency facilities that reportedly reside in Germany.


Harvard goes PaaS with SELinux Sandbox

open education

Running students' submitted programs is a security challenge for any university Computer Science department. When Harvard University contacted me about some work they are doing with the "sandbox" tool on Fedora 17, we decided it would be a great opportunity to see how they could get more out of it and share our findings with the community. 


5 Questions with David A. Wheeler

5 Questions

Meet David A. Wheeler. He's a Research Staff Member for the Institute for Defense Analyses (IDA) and a well-known speaker, author, and expert on open source software and security. He helped develop the Department of Defense's open source software policy and FAQ and has written other guidance materials to help people understand how to use and collaboratively develop open source software in government. He has a Ph.D. in Information Technology, an M.S. in Computer Science, and a B.S. in Electronics Engineering. We hope you enjoy getting to know David.

Developer Conference 2012 part II: The talks


One of the frequent comments about the third-annual Developer Conference (held at Masaryk University in Brno, Czech Republic) concerned the structure of the talks. This year we grouped talks by theme. The schedule was more understandable and those who wanted to follow just one specific area didn’t have to switch rooms or wait for the next talk in their area of interest.

Here’s a quick look at some of the most interesting talks, by topic.

Developer Conference 2012 -- Brno, Czech Republic


Part I:  History and planning

The third-annual Developer Conference took place February 17 and 18, 2012 at Masaryk University in Brno, Czech Republic. This conference, organized by Red Hat Czech Republic, JBoss.org, and Fedora.cz, hosted important and interesting talks about topics including security, kernel, desktop, cloud, and middleware. This report will also highlight other event activities--such as hackfests and networking--and provide information about the organization and purpose of the event, and the plans for the event in the past and in the future.

Infographic: How Drupal combines open source, openness, and security


Drupal is a huge software project by any measure, with thousands of developers writing code for it and deploying websites and applications on it. Alongside Linux, Apache, and Mozilla, it is one of the largest open source projects in the world. This infographic helps explain the important work of Drupal's Security Team.

GOG.com, DRM-free game distributor, chooses data security over ease of checkout

Credit cards good here

GOG.com wins points for openness by being a distributor of DRM-free games, but now they're going even further by choosing to protect their customers' data over the convenience of a faster checkout.

After the wide security breach of the PlayStation Network, GOG surveyed its users about the issue--"68 percent said they would rather GOG.com not even have the option of storing personal information," wrote Ben Kuchera in the Ars Technica story.