Security Leftovers and Microsoft TCO
-
APNIC ☛ Three security invariants could prevent 65% of breaches
Guest Post: Insights from 70 data breaches and the creation of CISO Challenge, a simulation that helps leaders see how the right security foundations can make or break a company.
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (pdfminer), Fedora (chromium and firefox), Mageia (bubblewrap, flatpak, cups-filters, and thunderbird), Oracle (container-tools:rhel8, kernel, and squid), Red Hat (kernel), Slackware (libarchive), SUSE (gimp, itextpdf, kernel, thunderbird, and unbound), and Ubuntu (lasso).
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #45 – S2E22 SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical)
-
Ubuntu ☛ Ubuntu Blog: Everything you need to know about FIPS 140-3 on Ubuntu | Videos
FIPS 140 is a highly demanding security standard that’s mandatory for almost all high-security and federal environments. It can be hard to get right and may be a daunting part of the journey for those trying to meet compliance requirements like FedRAMP or CMMC. We get a lot of questions about FIPS 140-3, and so we decided to put together this comprehensive collection of video resources to answer the most burning ones we’ve had so far.
-
Microsoft TCO
-
Dhole Moments ☛ Moving Beyond the NPM elliptic Package
Why replace the elliptic package? Yesterday, the Trail of Bits blog published a post about finding cryptographic bugs in the elliptic library (a JavaScript package on NPM) by using Wycheproof.
-