Security Leftovers
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Gentoo (Netatalk), Oracle (firefox), Red Hat (.NET 6.0, .NET 6.0, .NET 7.0, binutils, and qemu-kvm), SUSE (gcc13, tomcat, and xorg-x11-server), and Ubuntu (axis, libvpx, linux-starfive, thunderbird, and xrdp).
-
The New Stack ☛ LF Europe Chief Warns Developers on EU’s Cyber Resilience Act
European developers face being unable to download or contribute to open source software if the EU’s Cyber Resilience Act (CRA) is passed as it currently stands, Linux Foundation Europe chief Gabriele Columbro has warned.
Even though proposed amendments to the legislation address some of the open source community’s most pressing concerns, Columbro told The New Stack, the industry faces years of uncertainty and risk as policymakers, standards bodies, lawyers, and developers thrash out what the legislation means in practice.
-
Medevel ☛ 41 Open-source and Free Vulnerability Scanners For Pentesting and Web App Security
Vulnerability scanners are software applications that monitor systems for potential security threats. These tools scan your network and systems for vulnerabilities that could be exploited by hackers. They check for unpatched software, insecure system configurations, and other weaknesses.
-
Medevel ☛ Wapiti is a Free and Open-source Web Vulnerability Scanner
Wapiti is a Python-based web vulnerability scanner that supports HTTP, HTTPS, and SOCKS5 proxies. It offers features such as HTTP authentication, form-based login authentication, scan scope limitation, automatic URL parameter removal, safeguards against endless loops, and the ability to set initial URLs for exploration.
-
Silicon Angle ☛ Chainguard raises $61M for its ultra-secure software container images
Chainguard Inc., a startup that provides highly secure versions of open-source software tools, today announced that it has raised $61 million in funding. Spark Capital led the Series B round. It was joined by Sequoia Capital, Amplify Partners, Mantis VC and Banana Capital.
-
Federal News Network ☛ DHS lays out new ‘cybersecurity readiness’ metrics for contractors
DHS plans to use its own approach for evaluating contractor cybersecurity rather than adopting the Pentagon's CMMC program.
-
US White House Executive Order on Safe, Secure, and Trustworthy AI
The Biden-Harris Administration issued a landmark Executive Order on developing Artificial Intelligence (AI), harnessing the power of AI responsibly, and managing the risks of AI. Executive Order 14110 directs actions for new standards on AI safety, security, privacy protection, equity and civil rights advancement, consumer and worker protection, and more.