Security fears push users to open source
Grok Headline matches for Security fears push users to open source
Novell extends open-source push
05/11/2004 02:55 PM
For the second time, Novell has released the source code of a
once-proprietary software package that makes it easier to substitute
Linux for Microsoft's Windows.
Sun plots push for open-source tools
12/07/2003 09:46 PM
ZDNet Australia Dec 7 2003 9:35PM ET
U.K.-funded initiative to push open source
04/07/2005 10:22 AM
Project will promote use of open-source tools within the public sector
by creating a code repository, among other efforts.
Computer Associates readies open-source push
05/05/2004 06:31 PM
ZDNet May 5 2004 10:53PM GMT
U.K. government considers Sun in open-source software push
12/08/2003 06:06 PM
The Office of Government Commerce purchasing authority said it will
soon begin trials of the company's new Java Desktop System and Java
Enterprise System software.
Theft of Cisco source code stirs fears of security threat
05/21/2004 05:17 PM
Users and security analysts this week expressed concern about the
security threat posed to corporate networks by the recent theft of
operating system source code from Cisco.
Open Source group wins €2.6m EC grant for public sector push
04/16/2004 08:50 AM
'Local business ecosystems'
LinuxWorld to draw open-source users
08/02/2004 06:44 AM
San Francisco Chronicle Aug 2 2004 10:23AM GMT
Users as Innovators - Why Open Source Works
04/18/2005 10:03 PM
Open-Source Users Offered Insurance Against SCO and Its Ilk
04/19/2004 04:32 PM
As the move to protect Linux users from copyright infringement claims
like those made by The SCO Group Inc. gains momentum, users of the
open-source operating system are now being offered insurance-like
protection against such claims.
Users laud open source VPN code
04/14/2005 10:07 PM
Open Source Users Unaffected by Sasser Worm
05/20/2004 04:15 AM
What proprietary software can teach open source developers about winning over new users
04/12/2005 08:04 AM
Being the best doesn't always mean being the most popular. We all know
of many inferior products that are immensely, sometimes perplexingly,
popular. However, this does not mean that one must forsake the pursuit
of excellence when pursuing a broad market share. As proponents of
open source software, it should not be beneath us to pursue popularity
or to look to proprietary developers as examples. And by following the
right examples, we can help spread the usage of open source software
without sacrificing the goal of software excellence.
Users praise plan to make Ingres database open source
05/28/2004 04:54 PM
LAS VEGAS -- Users of the Ingres enterprise relational database heaped
praise on Computer Associates International Inc.'s plan to release the
code for the database to the open-source community under a new
licensing scheme.
Users praise CA plan to make Ingres an open-source database
05/28/2004 04:55 PM
The Ingres database is going open-source under a new CA licensing
plan, a move cheered by users who find it mature and easy to use but
feel the company hasn't promoted it enough.
Top Open-Source Security Applications
06/17/2005 03:37 PM
Open Source Security: Still A Myth
09/17/2004 11:52 AM
Open Source Law and National Security
09/13/2004 05:19 AM
How many paragraphs of rules and regulations can a society have before
no one can predict how it will respond to critical situations? The
answer, as demonstrated on 9/11/2001 is: "Not very many." Lawyers
need to go open source and let the public bang on their code.
Defending Open Source Security
02/14/2004 08:03 AM
Security holes splatter Open Source
06/11/2004 04:54 AM
New flaws foul open-source security
06/10/2004 08:05 AM
ZDNet Jun 10 2004 12:14PM GMT
Open Source a National Security Threat
07/27/2004 11:22 AM
An eye opener on open source Internet security
07/26/2004 08:46 AM
Microsoft, Open Source and National Security
04/23/2004 01:24 AM
Two weeks ago, I wondered out loud about the top 10 worst IT business
decisions ever made and nominated HP's decision to follow DEC down the
road to oblivion for top spot. Today I'd like to suggest that the U.S.
Defense Department's continued use of Microsoft's software is likely
to top a future list of this kind.
The equation here is simple. First, recognize that Microsoft's
software security depends crucially on keeping its source code
secret. That's not a comment from an anti-Microsoft bigot -- it's the
testimony given under oath by Microsoft vice president Jim Allchin.
Even limited release of Microsoft's code, Allchin told judge Colleen
Kollar-Kotelly's federal court in May 2002, would threaten national
security because the code is both seriously flawed and widely used in
the Defense Department.
But consider that only nine months later, in February 2003, Microsoft
announced an agreement giving communist China full access to the
source code for Windows and related tools.
Cryptography and the Open Source Security Debate
07/20/2004 02:34 PM
Missing Open Source Security Tools?
06/28/2004 06:16 PM
DOES open source software enhance security?
03/06/2004 02:04 AM
Web Security Errors and an Open Source Revenue Opportunity
01/14/2003 06:32 PM
Web Security Errors
I normally wouldn't blog this much but so many of us here do web
development that it's good for all of us to review these. Yes I know
we all know better but I'd virtually guarantee that we all have done
at least one of these in the last 24 months:
Unvalidated parameters: Information from Web requests isn't validated
before being used by a Web application. Attackers can use these flaws
to attack backside components through a Web application.
Broken access control: Restrictions on what authenticated users are
allowed to do aren't properly enforced. Attackers can exploit these
flaws to access other users' accounts, view sensitive files, or use
unauthorized functions.
Broken account and session management: Account credentials and session
tokens aren't properly protected. Attackers who can compromise
passwords, keys, session cookies, or other tokens can defeat
authentication restrictions and assume other users' identities.
Cross-site scripting flaws: The Web application can be used as a
mechanism to transport an attack to a user's browser. A successful
attack can disclose the user's session token, attack the local
machine, or spoof content to fool the user.
Buffer overflows: Web application components in some languages that
don't properly validate input can be crashed and, in some cases, used
to take control of a process. These components can include CGI,
libraries, drivers, and Web application server components.
Command injection flaws: Web applications pass parameters when they
access external systems or the local operating system. If an attacker
can embed malicious commands in these parameters, the external system
may execute those commands on behalf of the Web application.
Error-handling problems: Error conditions that occur during normal
operation aren't handled properly. If an attacker can cause errors
that the Web application doesn't handle, he or she can gain detailed
system information, deny service, cause security mechanisms to fail,
or crash the server.
Insecure use of cryptography: Web applications frequently use
cryptographic functions to protect information and credentials. These
functions and the code to integrate them have proven difficult to code
properly, frequently resulting in weak protection.
Remote administration flaws: Many Web applications let administrators
access a site using a Web interface. If these administrative functions
aren't very carefully protected, an attacker can gain full access to
all aspects of a site.
Web and application server misconfiguration: Having a strong server
configuration standard is critical to a secure Web application. These
servers have many configuration options that affect security and
aren't secure out of the box.
The full report is here. Nice job guys. Thank you.
And Just One More
Oh and I'd also kick in one other security glitch that's related to
these but not specifically mentioned: Installing Open Source
applications on the quick. You know the drill -- you grab some code,
install it and then poof! The client is running it and is happy so
you kinda ignore it. And you don't realize that the default
installation leaves the password in the clear! Think I'm kidding?
For example, a lot of PHP applications use .inc for include files as
their extension so config.inc is viewable by anyone who knows it
exists.
A Chance for Open Source Revenues
Although I have no actual metrics on this I suspect it is quite
common. Now this makes me think that a possible revenue opportunity
for Open Source authors is something like "Security Check", for $99 or
$X (per server), I'll check over your installation and make sure you
don't have any holes. Given that a lot of Open Source applications
are rolled into hosting / consulting, it would be relatively easy to
pass this type of cost onto the ultimate customer.
Two Open-Source Databases Spring Security Leaks
05/20/2004 08:20 PM
A researcher has found critical flaws in CVS and Subversion; updates
have been posted.
Open-Source Security Tools Touted at InfoSec
04/05/2005 10:21 PM
A security consultant encourages cash-strapped businesses to consider
open-source security tools and utilities to help cope with the
increasing spate of malicious hacker attacks.
Apple Cites Open Source Core Security
09/02/2004 12:41 AM
Slashdot Sep 2 2004 4:37AM GMT
Security flaws could corrupt open source databases
05/20/2004 04:15 AM
More flaws foul security of open-source repository
06/09/2004 05:29 PM
NOSI, the Nonprofit Open Source Initiative, announces the release of its new guide "Choosing and Using Open Source Software: A Primer for Nonprofits."
02/17/2004 11:57 PM
As per a recent post, I love to see (and hope to one day do it myself)
Open Source Software in Non-Profits. Seems http://www.nosi.net found
my post:
http://thelostolive.net/tlo/comments.php?id=1786_0_1_0_C
And commented the release of its new guide "Choosing and Using Open
Source Software: A Primer for Nonprofits." And now in their own words:
___snip____
--
From: Katrin Verclas
Email: steering (a) nosi.net
Hi, Kevin -
NOSI actually just released a new...
Database, Security, Storage Are Next Layers For Open Source Commoditization
01/19/2004 09:36 AM
Announcing Windows Open Source Security Framework - SafetyNet
09/23/2004 11:51 PM
Open source Internet protocol security project gets nod from Novell
06/17/2004 03:31 AM
Open-source activist Bruce Perens joins open-source defense group
05/07/2004 04:33 PM
A key leader in the open-source software movement has been appointed
to the board of Open Source Risk Management, which is defending the
legal standing of open-source software.
Supply fears push up oil prices
07/06/2004 01:24 AM
Oil prices break through $39 a barrel in the US after renewed trouble
in Iraq and the threat of production problems in Nigeria and Russia.
Grok Description matches for Security fears push users to open source
GrokA matches for Security fears push users to open source
Security fears push users to open source