In the News

Node.js wants to make it easier for you to keep things secret and keep them safe. This is the first release line to include OpenSSL 1.x. Recent work done by the OpenSSL team and the Core Infrastructure Initiative has made it possible for Node to really take advantage of everything OpenSSL has to offer. This includes the ChaCha20 cipher and Polu1305 authenticator.

By moving to OpenSSL 1.1.0, Node.js has made it easier to upgrade to future OpenSSL versions. Node developers will be able to be secure while using the gold-standard of encrypted communications on the web.

Read More »

The open source Node.js project for server-side JavaScript today hit a major milestone with the release of version 10.0.0. It marks the seventh major release of the cross-platform JavaScript runtime since the formation of the governing Node.js Foundation in 2015. Node.js itself debuted in 2009, promising a unified JavaScript-based Web application platform that allowed for creating dynamic sites with server-side code, rather than just static client code embedded in browsers.

Read More »

The Hyperledger project has opened the doors of its bug bounty program to the public. Hyperledger is an open-source project and hub for developers to work on blockchain technologies. The Hyperledger infrastructure is being developed in order to support cross-industry uses of distributed ledger technologies, most commonly associated with the exchange of cryptocurrency. Hosted by the Linux Foundation, Hyperledger focuses on cross-industry support for distributed ledger frameworks, smart contracts, and libraries, and already supports a range of business-based blockchain frameworks and transactional applications.

Read More »

Two Republicans on key House committees are looking for more information about the challenges surrounding the cybersecurity of open-source software.

Reps. Greg Walden (R-Ore.) and Gregg Harper (R-Miss.), respectively the chairs of the House Energy and Commerce Committee and its Subcommittee on Oversight and Investigations, want information from Linux Foundation Executive Director Jim Zemlin about the cybersecurity risks of open-source software.

Read More »

Republican leaders of the House Energy and Commerce Committee are pressing the nonprofit Linux Foundation on how the tech community can better mitigate vulnerabilities in open-source software. Rep. Greg Walden (R-Ore.), the committee chairman, and Rep. Gregg Harper (R-Miss.) sent a letter to the Linux Foundation on Monday, citing the critical “Heartbleed” vulnerability discovered in 2014 that impacted thousands of websites and allowed hackers to steal user passwords.

“As the last several years have made clear, OSS [open-source software] is such a foundational part of the modern connected world that it has become critical cyber infrastructure,” the lawmakers wrote. “As we continue to examine cybersecurity issues generally, it is therefore imperative that we understand the challenges and opportunities the OSS ecosystem faces, and potential steps that OSS stakeholders may take to further support it.”

Read More »

CII’s Nicko van Someren weighs in on the Common Vulnerability and Exposures (CVE) assigment system and the implications of delay, giving attackers time to develop and refine their tools and techniques.

Read more at InfoWorld.

Christina Mulligan reports on CII’s latest news announcing its investment in the Open Web Application Security Project Zed Attack Proxy project (OWASP ZAP), a security tool designed to help developers identify vulnerabilities in their web apps.

Read more at SD Times.

CII’s Emily Ratliffe describes the dangers of development teams living below the security poverty line.

Read more at SecurityWeek.

Randal Schwartz and Guillermo Amaral of FLOSS Weekly interview The Linux Foundation’s senior director of security infrastructure Emily Ratliff and David Wheeler of The Institute for Defense Analyses (IDA) and an expert on developing secure software and on open source software.

The Core Infrastructure Initiative (CII) Best Practices badge is a way for Free/Libre and Open Source Software (FLOSS) projects to show that they follow best practices. Projects can voluntarily self-certify, at no cost, by using this web application to explain how they follow each best practice.

Watch the episode here.

Gunnar Hellekson interviews Dr. David A. Wheeler and Emily Ratliff about the launch of CII’s Best Practices Badge program.

Listen to it at The Dave and Gunnar Show.