Heartbleed raises more open source security challenges for federal government

The discovery of the Heartbleed OpenSSL security vulnerability in April seems like old news at this point, but its impact continues to reverberate. Countless firms have been affected by this revelation, and few have fully put the open source flaw behind them.

Homeland Security turning to open source software to improve security

The Homeland Security Agency is primarily dedicated to protecting the United States from external threats. While these efforts have typically centered on the physical realm, now the DHS is turning its attention to the digital realm. As ZDNet contributor Steve J. Vaughan-Nichols recently highlighted, the DHS now offers a service specifically designed to help organizations examine open source software code for potential security threats.

Webinar recap: Top tactics to reduce your open source security risk

The current state of open source software (OSS) security may surprise you – with over 13 billion OSS component requests annually, a surprising 60% of organizations do not track security vulnerabilities in their code. This is a big reason why open source vulnerabilities such as Heartbleed and the recent PHP flaw affecting WordPress and Drupal sites are catching organizations unaware.

Webinar recap: Five ways to create more secure code

We recently held a webinar discussing software risks and organizational impacts that arise from security flaws in code (you can watch the recording here). Hacking, data breaches, and functional failures are just the tip of the iceberg when it comes to security vulnerabilities, and it’s telling that the average application out there has 22.4 security risks.

Upcoming webinar: Top tactics to reduce your open source security risk

Open source is embedded in over 50% of enterprise applications and development environments today yet very few developers are aware of the inherent security risks. What steps should you take to maximize the benefits of open source software while substantially reducing risk?

Upcoming webinar: Five ways to create more secure code

Security breaches can happen – that’s why it’s more important than ever to understand why secure code matters.

Open source leads to trading success

Open source software has become incredibly widespread over the past few years, used by a hugely diverse range of businesses in every sector. Yet there are still a number of areas where open source has yet to be fully embraced. One example of such an arena is securities and derivatives trading.

The top 10 reasons you need to know more about open source software

When discussing the pros and cons of open source software (OSS), most people will immediately list legal or security risks with OSS as huge cons. But the truth is the risks are no different than using commercial software. If you violate a commercial license or if the commercial software you use has a security flaw (and we all know commercial software is full of security issues) then the same could be said about commercial software in general. But the truth is you have to be smart about OSS. You have to understand why it’s important to know where it came from, how it’s licensed, and how to use it to lower your risks, just like you do with commercial software.

Saving you from Heartbleed

Last week we talked about the flaw in OpenSSL known as “Heartbleed” and its massive impact on websites and users around the world. We also mentioned how open-source scanning and support tools, such as OpenLogic, report this flaw. Today, we look at how Klocwork handles the issue.

Heartbleed: The latest on the OpenSSL bug

By now, you’ve heard about the OpenSSL flaw that’s capturing the attention of anyone in the world that’s remotely connected with security. Known as “Heartbleed,” this vulnerability allows any enterprising individual to access memory within systems protected by certain versions of the OpenSSL cryptographic library. By accessing memory without authorization, data that you and your end-users care about, such as usernames, passwords, and credit card numbers, are potentially exposed. Given that Netcraft reports that nearly 66% of websites around the world use some form of SSL, this is a seriously bad problem.

Enterprise OSS Blog Policy

If you read a post on The Enterprise OSS Blog, please leave a comment. Let us know what you think, even if it's just a few words. Comments do not require approval, but they are moderated. OpenLogic reserves the right to remove any comments it deems inappropriate.