Charles Babcock updates us on the Network Time Foundation’s funding status in an article called How The Network Time Foundation Uses Its Funding. The Linux Foundation money goes directly to support Stenn’s work on the protocol.
Read more at InformationWeek.
Business Insider’s Julie Bort includes CII’s Emily Ratliff in her annual list of top female engineers. The Linux Foundation’s major “Core Infrastructure Initiative,” which does security reviews for some of the most important software in the world
Read more at Business Insider.
Swapnil Bhartiya interviewed Jim Zemlin about the mention of CII in President Obama’s Cybersecurity National Action Plan and wrote about it in an article called Linux goes to Washington: How the White House/Linux Foundation collaboration will work. No doubt by now you’ve heard about the Obama Administration’s newly announcedCybersecurity National Action Plan (CNAP). But what you may not know is that the White House is actively working with the Linux and open source community for CNAP.
Read more at CIO.
Linux.com published CII’s Emily Ratliff’s article on 7 Things to Consider Before Fuzzing a Large Open Source Project
Dr. Wheeler recommends, “I’d consider writing a fuzzer specific to the project’s APIs & generate random inputs based on them, and adding lots of assertions that are at least enabled during fuzzing. If you know your API (or can introspect it), creating a specific fuzzer is pretty easy – grab your random number generator, set up an isolated container or VM for the fireworks, and go. ”
Read more at Linux.com.
OpenSSL posted new releases 1.0.1r and 1.0.2f this week. Michael Mimosa describes the content of the new releases in the Threatpost article “OpenSSL to Patch Two Vulnerabilities This Week” including the following quote from the OpenSSL security advisory:
“They will fix two security defects, one of ‘high’ severity affecting 1.0.2 releases, and one ‘low’ severity affecting all releases,” OpenSSL said in its advisory.
Read more on Threatpost.
