Vulnerability so simple, anyone could use it. Security researchers have discovered a flaw in open source CMS WordPress that would allow a hacker to take down a website through a DoS attack with a single machine.
The Open Web Application Security Project (OWASP) has just updated the top ten list of web app vulnerabilities for the first time since 2013. Not much has actually changed.
GDPR calls for a documented, systematic approach to evaluating your security measures - including how you patch, but patching Open Source code has its own problems, explain Matthew Jacobs and Daniel Hedley.
Linux kernel security bug could have led to privilege escalation - fixed after two years as it turned out to be worse than first thought.
The Bashware vulnerability allows attackers to take advantage of the built-in Linux shell to bypass security software.
Jimmy Nukebot malware trojan becomes more modular to increase flexibility and make static analysis much more complicated - shows ability to adapt to the goals and tasks set before a botnet to take advantage of a new source.
It's clear that the IoT industry needs to step up, take charge and not place the burden of security at the consumer's door.
Travis McPeak lists the top five OpenStack questions often asked by users and technologists and provides responses to each.
Mike Pittenger discusses what he believes is the most dangerous code in your application, whether standalone or containerised.
The latest In Case You Missed It (ICYMI) looks at Lizard Squad DDoS, Botnet growth, Qatar bank breached by fascists, Hidden Open Source flaws, Ransomware surge.
A security bug in ImageMagick, the free open source image processing software, is allowing cyber-criminals to attack vulnerable servers from afar.
The use of open source components in commercial software is more common than even vendors are aware of and it's leaving customers open to unpatched flaws.
The White House is to make federal agencies release their custom code to the open-source community.
Adopting open source software isn't a question of "if" anymore, but of "when?" suggests Mike Pittenger.
A flaw in OpenSSH could let attackers bypass limits imposed on password login attempts, to launch brute force attacks and steal credentials.
Describing itself as the first free and automated certificate authority, Let's Encrypt, launches on 14 September.
OpenDaylight's troubles highlight the problems with security in the open source world ahead of Lithium release.
Many IT security professionals are choosing commercial open source solutions for security reasons rather than economy, says Olivier Thierry.
The future of computing infrastructure, mobile applications, and personal data protection has been altered by Heartbleed, says Joram Borenstein.
David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lay behind the Heartbleed bug.
As Heartbleed slows down the internet, experts say that two-factor authentication may be the way forward to protect our web sessions.