Announcing Windows Open Source Security Framework - SafetyNet
Grok Headline matches for Announcing Windows Open Source Security Framework - SafetyNet
Open Source Metadata Framework (OMF)
Open Source Metadata Framework (OMF)
04/17/2004 06:05 AMOpen Source Metadata Framework (OMF)http://www.ibiblio.org/osrt/om
f/The OMF aims to collect data about Open Source
documentation, or metadata, that will be used to describe the
documentation. The idea is that the OMF will act as a sophisticated
card catalog type of system for the numerous Open Source documentation
projects that exist. The OMF offers a number of advantages over
standard card catalog type systems, however. Chief among these is the
fact that the OMF has been designed from the ground up to be
completely open, standards based, and sharable. We will accomplish
this by using pre-defined standards (XML and the Dublin Core
description for metadata) and allowing all metadata generated to be
accessed by anyone that wants it. Because the metadata itself is to be
stored in XML files, anyone should be able to use it.
Announcing the Launch of
Middleware-jmsmessaging.org -- An Open
Source Website Dedicated to the
Advancement of Middleware and jms
Messaging Technologies
Announcing the Launch of
Middleware-jmsmessaging.org -- An Open
Source Website Dedicated to the
Advancement of Middleware and jms
Messaging Technologies
08/03/2004 02:24 AMThe newly launched www.middleware-jmsmessaging.org is an online
resource dedicated to everything concerning middleware and jms
messaging. Keep up to date on the latest middleware/jms messaging
news, and articles. Enjoy a comprehensive tutorial section and browse
through the Top 10 list of jms messaging open source projects. [PRWEB
Aug 3, 2004]
Prelude IDS Framework: "Open Source
Security's Best Kept Secret"
Prelude IDS Framework: "Open Source
Security's Best Kept Secret"
04/26/2004 08:22 PMBEA's Project Beehive to Open-Source
Workshop Framework
BEA's Project Beehive to Open-Source
Workshop Framework
05/19/2004 08:48 PMOfficials say the move will help make the company's tools framework a
standard in the enterprise Java space, while also speeding the
adoption of service-oriented architectures.
Company merges code-editing tools with
open-source framework
Company merges code-editing tools with
open-source framework
01/16/2004 11:05 AMJava. It also allows developers to create and edit projects in 47
other languages, including C#, PHP, HTML, XML and COBOL. Although ...
Windows and Open Source: Perfect
Together?
Windows and Open Source: Perfect
Together?
03/21/2003 07:02 AMMany IT managers may like the idea of open source software but may not
feel ready to champion a switch to Linux or one of the BSD operating
systems. Fortunately, plenty of open source and free software
applications run on Windows. What are the options for CIOs who want to
dip their toes in the open source pool?
Open Source Firewall For Windows
Open Source Firewall For Windows
09/23/2004 01:14 PMNew Version: 1.2
Gates: Open source a great ad for
Windows
Gates: Open source a great ad for
Windows
06/28/2004 02:37 PMMicrosoft chair says it's great to have "a few design wins" by Linux
and such in the news--it shows how much simpler Windows is.
Windows Leak An Experiment in Open
Source?
Windows Leak An Experiment in Open
Source?
02/19/2004 03:27 PMWith a fragment of its source code available on the Internet,
Microsoft gets a taste of peer review.
Former Windows Chief on Microsoft Vs.
Open-Source
Former Windows Chief on Microsoft Vs.
Open-Source
07/19/2004 04:44 PMNiku to launch open-source Windows app
Niku to launch open-source Windows app
07/09/2004 06:22 AMComputer Weekly Jul 9 2004 11:07AM GMT
An Open Source Effort to rival Windows
An Open Source Effort to rival Windows
11/15/2003 07:42 AMOpen Source Security: Still A Myth
Open Source Security: Still A Myth
09/17/2004 11:52 AMDefending Open Source Security
Defending Open Source Security
02/14/2004 08:03 AMOpen Source Law and National Security
Open Source Law and National Security
09/13/2004 05:19 AMHow many paragraphs of rules and regulations can a society have before
no one can predict how it will respond to critical situations? The
answer, as demonstrated on 9/11/2001 is: "Not very many." Lawyers
need to go open source and let the public bang on their code.
Top Open-Source Security Applications
Top Open-Source Security Applications
06/17/2005 03:37 PMMicrosoft shares Windows tools via open
source
Microsoft shares Windows tools via open
source
05/13/2004 06:22 PMThe software powerhouse releases into the open-source community a
series of pre-existing templates that developers can freely modify.
Niku to launch open source Windows
application
Niku to launch open source Windows
application
07/08/2004 07:17 PMNext week, Niku, a vendor of IT management and governance software,
will announce an open source version of its project scheduler,
Workbench, re-named Open Workbench, for Windows-based
desktops.
ADVERTISEMENT
Downloa
d Strategic Value of Moving to Linux Business White Paper
Find
out how your company can reduce IT costs or improve efficiency, you
are probably considering Linux and what role it will play in your
company.
Microsoft Share Windows Tools Via Open
Source
Microsoft Share Windows Tools Via Open
Source
05/13/2004 07:55 PMMicrosoft posted to SourceForge its Windows Template Library, a series
of code snippets designed to make it easier for developers to create
graphic interfaces for Windows programs. By Ina Fried, CNET News.com
(via MyAppleMenu)
New flaws foul open-source security
New flaws foul open-source security
06/10/2004 08:05 AMZDNet Jun 10 2004 12:14PM GMT
Microsoft, Open Source and National
Security
Microsoft, Open Source and National
Security
04/23/2004 01:24 AMTwo weeks ago, I wondered out loud about the top 10 worst IT business
decisions ever made and nominated HP's decision to follow DEC down the
road to oblivion for top spot. Today I'd like to suggest that the U.S.
Defense Department's continued use of Microsoft's software is likely
to top a future list of this kind.
The equation here is simple. First, recognize that Microsoft's
software security depends crucially on keeping its source code
secret. That's not a comment from an anti-Microsoft bigot -- it's the
testimony given under oath by Microsoft vice president Jim Allchin.
Even limited release of Microsoft's code, Allchin told judge Colleen
Kollar-Kotelly's federal court in May 2002, would threaten national
security because the code is both seriously flawed and widely used in
the Defense Department.
But consider that only nine months later, in February 2003, Microsoft
announced an agreement giving communist China full access to the
source code for Windows and related tools.
DOES open source software enhance
security?
DOES open source software enhance
security?
03/06/2004 02:04 AMMissing Open Source Security Tools?
Missing Open Source Security Tools?
06/28/2004 06:16 PMSecurity holes splatter Open Source
Security holes splatter Open Source
06/11/2004 04:54 AMAn eye opener on open source Internet
security
An eye opener on open source Internet
security
07/26/2004 08:46 AMCryptography and the Open Source
Security Debate
Cryptography and the Open Source
Security Debate
07/20/2004 02:34 PMOpen Source a National Security Threat
Open Source a National Security Threat
07/27/2004 11:22 AMOpen-Source Security Tools Touted at
InfoSec
Open-Source Security Tools Touted at
InfoSec
04/05/2005 10:21 PMA security consultant encourages cash-strapped businesses to consider
open-source security tools and utilities to help cope with the
increasing spate of malicious hacker attacks.
More flaws foul security of open-source
repository
More flaws foul security of open-source
repository
06/09/2004 05:29 PMSecurity fears push users to open source
Security fears push users to open source
12/05/2003 05:32 PMPersonal Computer World Dec 5 2003 4:19PM ET
Web Security Errors and an Open Source
Revenue Opportunity
Web Security Errors and an Open Source
Revenue Opportunity
01/14/2003 06:32 PMWeb Security Errors
I normally wouldn't blog this much but so many of us here do web
development that its good for all of us to review these. Yes I know
we all know better but I'd virtually guarantee that we all have done
at least one of these in the last 24 months:
Unvalidated parameters: Information from Web requests isn't validated
before being used by a Web application. Attackers can use these flaws
to attack backside components through a Web application.
Broken access control: Restrictions on what authenticated users are
allowed to do aren't properly enforced. Attackers can exploit these
flaws to access other users' accounts, view sensitive files, or use
unauthorized functions.
Broken account and session management: Account credentials and session
tokens aren't properly protected. Attackers who can compromise
passwords, keys, session cookies, or other tokens can defeat
authentication restrictions and assume other users' identities.
Cross-site scripting flaws: The Web application can be used as a
mechanism to transport an attack to a user's browser. A successful
attack can disclose the user's session token, attack the local
machine, or spoof content to fool the user.
Buffer overflows: Web application components in some languages that
don't properly validate input can be crashed and, in some cases, used
to take control of a process. These components can include CGI,
libraries, drivers, and Web application server components.
Command injection flaws: Web applications pass parameters when they
access external systems or the local operating system. If an attacker
can embed malicious commands in these parameters, the external system
may execute those commands on behalf of the Web application.
Error-handling problems: Error conditions that occur during normal
operation aren't handled properly. If an attacker can cause errors
that the Web application doesn't handle, he or she can gain detailed
system information, deny service, cause security mechanisms to fail,
or crash the server.
Insecure use of cryptography: Web applications frequently use
cryptographic functions to protect information and credentials. These
functions and the code to integrate them have proven difficult to code
properly, frequently resulting in weak protection.
Remote administration flaws: Many Web applications let administrators
access a site using a Web interface. If these administrative functions
aren't very carefully protected, an attacker can gain full access to
all aspects of a site.
Web and application server misconfiguration: Having a strong server
configuration standard is critical to a secure Web application. These
servers have many configuration options that affect security and
aren't secure out of the box. [_Go_]
The full report is here. Nice job guys. Thank you.
And Just One More
Oh and I'd also kick in one other security glitch that's related to
these but not specifically mentioned: Installing Open Source
applications on the quick. You know the drill -- you grab some code,
install it and then poof! The client is running it and is happy so
you kinda ignore it. And you don't realize that the default
installation leaves the password in the clear! Think I'm kidding?
For example a lot of php applications use .inc for include files as
their extension so config.inc is viewable by anyone who knows it
exists.
A Chance for Open Source Revenues
Although I have no actual metrics on this I suspect it is quite
common. Now this makes me think that a possible revenue opportunity
for Open Source authors is something like "Security Check", for $99 or
$X (per server), I'll check over your installation and make sure you
don't have any holes. Given that a lot of Open Source applications
are rolled into hosting / consulting, it would be relatively easy to
pass this type of cost onto the ultimate customer.
Apple Cites Open Source Core Security
Apple Cites Open Source Core Security
09/02/2004 12:41 AMSlashdot Sep 2 2004 4:37AM GMT
Security flaws could corrupt open source
databases
Security flaws could corrupt open source
databases
05/20/2004 04:15 AMTwo Open-Source Databases Spring
Security Leaks
Two Open-Source Databases Spring
Security Leaks
05/20/2004 08:20 PMA researcher has found critical flaws in CVS and Subversion; updates
have been posted.
NOSI, the Nonprofit Open Source
Initiative, announces the release of its
new guide "Choosing and Using Open
Source Software: A Primer for
Nonprofits."
NOSI, the Nonprofit Open Source
Initiative, announces the release of its
new guide "Choosing and Using Open
Source Software: A Primer for
Nonprofits."
02/17/2004 11:57 PMAs per a recent post, I love to see (and hope to one day do it myself)
Open Source Software in Non-Profits. Seems http://www.nosi.net found
my post:
http://thelostolive.net/tlo/comments.php?id=1786_0_1_0_C
And commented the release of its new guide "Choosing and Using Open
Source Software: A Primer for Nonprofits." And now in their own words:
___snip____
--
From: Katrin Verclas
Email: steering (a) nosi.net
Hi, Kevin -
NOSI actually just released a new...
Microsoft Sales Chief: The 'Facts' Prove
Windows Delivering More Than Open Source
Microsoft Sales Chief: The 'Facts' Prove
Windows Delivering More Than Open Source
07/29/2004 08:19 PMMicrosoft plans to continue to unearth more evidence to help it combat
Linux in the coming fiscal year.
Database, Security, Storage Are Next
Layers For Open Source Commoditization
Database, Security, Storage Are Next
Layers For Open Source Commoditization
01/19/2004 09:36 AMOpen source Internet protocol security
project gets nod from Novell
Open source Internet protocol security
project gets nod from Novell
06/17/2004 03:31 AMOpen-source activist Bruce Perens joins
open-source defense group
Open-source activist Bruce Perens joins
open-source defense group
05/07/2004 04:33 PMA key leader in the open-source software movement has been appointed
to the board of Open Source Risk Management, which is defending the
legal standing of open-source software.
Grok Description matches for Announcing Windows Open Source Security Framework - SafetyNet
GrokA matches for Announcing Windows Open Source Security Framework - SafetyNet
Announcing Windows Open Source Security Framework - SafetyNet
