Category

In the News

Node.js 10 is here!

By | In the News | No Comments

Node.js wants to make it easier for you to keep things secret and keep them safe. This is the first release line to include OpenSSL 1.x. Recent work done by the OpenSSL team and the Core Infrastructure Initiative has made it possible for Node to really take advantage of everything OpenSSL has to offer. This includes the ChaCha20 cipher and Polu1305 authenticator.

By moving to OpenSSL 1.1.0, Node.js has made it easier to upgrade to future OpenSSL versions. Node developers will be able to be secure while using the gold-standard of encrypted communications on the web.

Read More »

ADTmag: Open Source Node.js Hits v10, with Better Security, Performance, More

By | In the News | No Comments

The open source Node.js project for server-side JavaScript today hit a major milestone with the release of version 10.0.0. It marks the seventh major release of the cross-platform JavaScript runtime since the formation of the governing Node.js Foundation in 2015. Node.js itself debuted in 2009, promising a unified JavaScript-based Web application platform that allowed for creating dynamic sites with server-side code, rather than just static client code embedded in browsers.

Read More »

ZDNet: Hyperledger bug bounty program goes public

By | In the News | No Comments

The Hyperledger project has opened the doors of its bug bounty program to the public. Hyperledger is an open-source project and hub for developers to work on blockchain technologies. The Hyperledger infrastructure is being developed in order to support cross-industry uses of distributed ledger technologies, most commonly associated with the exchange of cryptocurrency. Hosted by the Linux Foundation, Hyperledger focuses on cross-industry support for distributed ledger frameworks, smart contracts, and libraries, and already supports a range of business-based blockchain frameworks and transactional applications.

Read More »

FCW: Lawmakers worry about a second Heartbleed

By | In the News | No Comments

Two Republicans on key House committees are looking for more information about the challenges surrounding the cybersecurity of open-source software.

Reps. Greg Walden (R-Ore.) and Gregg Harper (R-Miss.), respectively the chairs of the House Energy and Commerce Committee and its Subcommittee on Oversight and Investigations, want information from Linux Foundation Executive Director Jim Zemlin about the cybersecurity risks of open-source software.

Read More »

The Hill: Lawmakers press Linux on security of open-source software

By | In the News | No Comments

Republican leaders of the House Energy and Commerce Committee are pressing the nonprofit Linux Foundation on how the tech community can better mitigate vulnerabilities in open-source software. Rep. Greg Walden (R-Ore.), the committee chairman, and Rep. Gregg Harper (R-Miss.) sent a letter to the Linux Foundation on Monday, citing the critical “Heartbleed” vulnerability discovered in 2014 that impacted thousands of websites and allowed hackers to steal user passwords.

“As the last several years have made clear, OSS [open-source software] is such a foundational part of the modern connected world that it has become critical cyber infrastructure,” the lawmakers wrote. “As we continue to examine cybersecurity issues generally, it is therefore imperative that we understand the challenges and opportunities the OSS ecosystem faces, and potential steps that OSS stakeholders may take to further support it.”

Read More »

FLOSS Weekly Podcast: Best Practices Badge

By | In the News | No Comments

Randal Schwartz and Guillermo Amaral of FLOSS Weekly interview The Linux Foundation’s senior director of security infrastructure Emily Ratliff and David Wheeler of The Institute for Defense Analyses (IDA) and an expert on developing secure software and on open source software.

The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice.

Watch the episode here.