[News] Red Hat Releases Security Report for RHEL4

Risk report: Four years of Red Hat Enterprise Linux 4

,----[ Quote ]
| Red Hat® Enterprise Linux® 4 was released on February 15th, 2005. This report 
| takes a look at the state of security for the first four years from release. 
| We look at key metrics, specific vulnerabilities, and the most common ways 
| users were affected by security issues. We will show some best practices that 
| could have been used to minimise the impact of the issues, and also take a 
| look at how the included security innovations helped.


Has security become a non-issue for enterprise Open Source?

,----[ Quote ]
| A two-year-old piece of Open Source code is likely to have far fewer security
| flaws than proprietary code, according to security expert Bruce Schneier.
| Now, at a time when Open Source is gaining momentum in Australia, Schneier’s
| perspective could contribute to increased uptake in the enterprise, education
| and government sectors.
| The recent Australian Open Source Industry & Community Report portrayed
| a ‘very strong’, ‘rapidly growing’ local market for Open Source in both
| private and public sectors.


Is visibility the key open source value?

,----[ Quote ]
| In past discussions about open source values I’ve gone on about many subjects
| which struck some as political.
| But is the key open source value something simpler and more basic?
| Like the mere visibility of the code?
| Code visibility is the first thing that distinguishes open source from other
| types of software.


Open source good for security

,----[ Quote ]
| Jacobson recommends that before implementing any application, including a
| security product, users should check the “pedigree” of the product.
| This would include determining whether any vulnerabilities or flaws had been
| detected in the product; and how well or quickly the vendor had responded to
| these reports. Most of this information is to be found on websites like
| www.securityfocus.com, a vendor-neutral site that provides objective, timely
| and comprehensive security information to all members of the global IT
| security community.
| “The SecurityFocus Vulnerability Database, for example, delivers an
| invaluable service by providing security professionals with the most
| up-to-date information on vulnerabilities for all platforms and services.
| Another SecurityFocus service is BugTraq, a high volume, full disclosure
| mailing list for the detailed discussion and announcement of computer
| security vulnerabilities. BugTraq is, without doubt, the cornerstone of the
| Internet-wide security community,” he adds.
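The Red Hat risk report above speaks of "key metrics", and Jacobson's advice is to check a product's "pedigree" by looking at which flaws were found and how quickly the vendor fixed them. The script below is an added example (not code from either report or from any vendor) that turns that advice into a repeatable check: it takes a list of advisory records and computes, per severity, how many days users were exposed between a flaw becoming public and a fix shipping. All identifiers (FLAW-000x) and dates are constructed placeholders, and the "days of risk" definition used here (public date to fix date, or to the report date if still unfixed) is an assumption chosen for the example.

```python
"""Vendor response-time ("days of risk") metrics from advisory records.

Every record below is constructed sample data with placeholder flaw ids
and invented dates; nothing here is taken from a real advisory feed.
"""
from dataclasses import dataclass
from datetime import date
from statistics import mean, median
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Advisory:
    flaw_id: str            # placeholder identifier, not a real CVE number
    severity: str           # e.g. "critical", "important", "moderate", "low"
    public: date            # date the flaw became publicly known
    fixed: Optional[date]   # date the vendor shipped a fix; None if still open

    def days_of_risk(self, as_of: date) -> int:
        """Exposure window: public date to fix date, or to `as_of` if unfixed.

        This definition is an assumption for the example, not a vendor's.
        """
        end = self.fixed if self.fixed is not None else as_of
        return (end - self.public).days


# Constructed sample records (placeholder ids, invented dates).
SAMPLE_ADVISORIES: List[Advisory] = [
    Advisory("FLAW-0001", "critical", date(2008, 3, 1), date(2008, 3, 2)),
    Advisory("FLAW-0002", "critical", date(2008, 6, 10), date(2008, 6, 10)),
    Advisory("FLAW-0003", "important", date(2008, 4, 5), date(2008, 4, 19)),
    Advisory("FLAW-0004", "important", date(2008, 9, 1), date(2008, 9, 8)),
    Advisory("FLAW-0005", "moderate", date(2008, 1, 20), date(2008, 3, 20)),
    Advisory("FLAW-0006", "moderate", date(2008, 11, 1), None),  # still unfixed
]

# Report date for the sample: open flaws are counted as exposed up to here.
SAMPLE_AS_OF = date(2008, 12, 31)


def metrics_by_severity(advisories: List[Advisory], as_of: date) -> Dict[str, Dict[str, float]]:
    """Per-severity exposure statistics, the kind of 'pedigree' numbers
    a buyer would compare across vendors before deploying a product."""
    out: Dict[str, Dict[str, float]] = {}
    for sev in sorted({a.severity for a in advisories}):
        rows = [a for a in advisories if a.severity == sev]
        days = [a.days_of_risk(as_of) for a in rows]
        out[sev] = {
            "count": len(rows),
            "unfixed": sum(1 for a in rows if a.fixed is None),
            "mean_days": mean(days),
            "median_days": median(days),
            "max_days": max(days),
            # fixes shipped the same day or the day after disclosure
            "fixed_within_1_day": sum(
                1 for a in rows if a.fixed is not None and a.days_of_risk(as_of) <= 1
            ),
        }
    return out


def pedigree_concerns(advisories: List[Advisory], as_of: date, max_days: int) -> List[str]:
    """Flaw ids that stayed open longer than `max_days`, unfixed ones included."""
    return [a.flaw_id for a in advisories if a.days_of_risk(as_of) > max_days]


def sample_metrics() -> Dict[str, Dict[str, float]]:
    """Metrics for the constructed sample, computed as of SAMPLE_AS_OF."""
    return metrics_by_severity(SAMPLE_ADVISORIES, SAMPLE_AS_OF)


def sample_concerns(max_days: int = 30) -> List[str]:
    """Flaws in the constructed sample that exceeded the `max_days` window."""
    return pedigree_concerns(SAMPLE_ADVISORIES, SAMPLE_AS_OF, max_days)


if __name__ == "__main__":
    for sev, m in sample_metrics().items():
        print(f"{sev:10s} n={m['count']} unfixed={m['unfixed']} "
              f"mean={m['mean_days']:.1f}d median={m['median_days']:.1f}d "
              f"max={m['max_days']}d fixed<=1d={m['fixed_within_1_day']}")
    print("over 30 days:", sample_concerns())
```

Feeding real advisory data into `metrics_by_severity` is just a matter of building `Advisory` records from a vendor's published errata; the point of splitting the per-severity table from `pedigree_concerns` is that a low mean can hide a single long-open moderate flaw, which is exactly the case the last sample record exercises.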


Study Says Linux More Secure

,----[ Quote ]
| More than 70 percent people surveyed said they found Red Hat Linux less
| vulnerable to security issues than Microsoft's operating system.


Study: 70 percent say Red Hat more secure than Windows


SELinux and Security changes in the 2.6.27 Kernel

,----[ Quote ]
| # SELinux deferred mapping of filesystem contexts
| This patch by Stephen Smalley addresses the case where "alien" SELinux
| security labels need to be written to the local filesystem, for example, in
| the case of building RPMs where the local policy is different to the policy
| on the system where the RPM is to be installed. This will help with enabling
| SELinux on build systems (e.g. in the Fedora infrastructure) and more
| generally with packagers and ISVs shipping third party policy with RPMS.


Ubuntu gets SELinux

,----[ Quote ]
| It's official: SELinux is now available in the Ubuntu development ("Hardy
| Heron") distribution. "This is the result of the amazing work of the
| ubuntu-security and ubuntu-hardened teams, as well as the huge contributions
| from the folks at Tresys. (note: SELinux will not be the default, but is
| available as a security option.)" Installing it is a simple apt operation.

