EU Launches Bug Bounty for 15 Open Source Projects

Infosecurity Magazine | January 03, 2019

Working in partnership with HackerOne and Intigriti, the EU announced that the European Commission will launch a bug bounty program as part of the Free and Open Source Software Audit (FOSSA). The third edition of FOSSA will include 15 software programs: 7-zip, Apache Kafka, Apache Tomcat, Digital Signature Services (DSS), Drupal, Filezilla, FLUX TL, the GNU C Library (glibc), KeePass, midPoint, Notepad++, PHP Symfony, PuTTY, VLC Media Player and WSO2, according to EU Parliament member Julia Reda. Reda, who has written extensively about the security risks in OpenSSL, launched the FOSSA project with her colleague Max Andersson in 2015; the project is now moving into phase three. The first 14 bug bounty projects will commence in January 2019, with the final project beginning in March. While bug bounty programs call upon the hacker community to come together in search of vulnerabilities, applying the crowdsourced concept to open source presents unexpected challenges, according to Tim Mackey, senior technical evangelist at Black Duck by Synopsys.

Spotlight

With the Infoblox Threat Containment and Operations solution, your organization can eliminate silos between networking and security technologies and improve the ROI of your existing security investments. The solution improves security operations and awareness of security events. It does so by automatically gathering and analyzing a broad set of network data that gives your security teams the information and context they need to more rapidly and efficiently discover, prioritize and remediate security events that pose the greatest harm.

Related News

DATA SECURITY

Lack of Remote and Hybrid Work Policies Put Education Industry at Risk for IT Security Issues

Apricorn | July 23, 2021

Apricorn, the leading manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB drives, has announced findings for the education sector from the Apricorn Global IT Security Survey, 2021. The survey says the education industry lacks concern about security threats from employees and, due to limited IT security policies related to remote work, has a greater risk of cybersecurity breaches and data loss than other industries. For example, 69.4% of respondents say employees at their organizations don't think of themselves as targets that attackers can use to access data, compared to 37.5% in information technology (IT).

The survey set out to compare the cybersecurity policies of various industries regarding hybrid and remote work. More than 400 respondents completed the survey. The education industry constantly lags behind many other industries, including healthcare, manufacturing, IT, and financial services, when implementing lost/stolen device and data security policies. Only 26% of respondents in the education industry agreed that they have policies regarding lost/stolen devices, compared to 55% in IT.

Many education institutions will be returning to in-person instruction in the Fall; however, most survey respondents in the education sector (90.77%) said a hybrid work option exists. When asked about policies and procedures that have been put in place regarding transporting data and devices, organizations in education demonstrated a trend of allowing employee choice when it comes to policy adherence. Only 20% of education organizations require encrypted hardware, compared to an average of 52% for other top industries. More than half of education organizations permit the use of personal USB devices.

About Apricorn

Founded in 1983, Apricorn is a leading provider of secure storage innovations to prominent companies in education, healthcare, finance, and government throughout North America, EMEA, and Canada. Apricorn products have become the trusted standard for a myriad of data security strategies worldwide. Under the Apricorn brand, numerous award-winning products and patents have been developed.


DATA SECURITY

Strangeworks and Quantinuum Collaborate to Integrate Quantum-enhanced Cryptographic Key Service

Quantinuum | January 06, 2022

Strangeworks, a global leader in quantum computing software, announced its collaboration with Quantinuum, the largest integrated, stand-alone quantum computing company in the world. Quantinuum offers various vertically integrated solutions, such as comprehensive, hardware-agnostic quantum software and the highest-performing quantum computer. This collaboration aims at implementing quantum-enhanced cryptographic keys, Quantum Origin, and Quantinuum into the Strangeworks ecosystem. As the world's first commercial product to generate cryptographic keys using quantum computers, Quantum Origin will become an essential ecosystem component. It will also provide its users with seamless access to superior cryptographic keys to help protect them against current security threats.

"It's fitting that Strangeworks would expand its industry-leading platform to include quantum technology to help defend against today's cyber threats. We are excited to integrate Quantum Origin to generate the strongest cryptographic keys for Strangeworks and their customers, based on verifiable quantum randomness," said Duncan Jones, Head of Cybersecurity at Quantinuum and Cambridge Quantum.

Strangeworks, as the world's leading Quantum Service Provider™, is constantly improving to provide its users with the latest quantum-based security offerings through the ecosystem. It is crucial to enable the latest in cybersecurity technology, such as the variety of quantum systems available and the data sharing with its users. Once they implement Quantum Origin, they will become the first to do it.

"We're excited to welcome Quantinuum into the Quantum Syndicate. Expanding our managed quantum services to encompass cyber security is a natural addition to our enterprise offerings," said William Hurley, founder and CEO of Strangeworks. "The integration of Quantum Origin enables enterprises around the world with a seamless path to quantum-generated cryptographic keys to protect their sensitive data."


SOFTWARE SECURITY

Cybermaxx Cybersecurity Provider partners with Logi Analytics to strengthen MAXX Data Defense Systems Suite data analytics capabilities.

prnewswire | November 02, 2020

Today, Logi Analytics, the leading provider of embedded analytics solutions for software teams, and CyberMaxx, the leader in cybersecurity operations services for healthcare organizations, announced a new partnership integrating Logi Info into CyberMaxx's MAXX Data Defense Systems suite of managed security services and solutions. CyberMaxx will be rolling out the new data analytics capabilities beginning November 2, 2020.

Advanced data analytics is more important than ever for cybersecurity operations teams, particularly with cyberattacks increasing year-over-year for organizations in general. For MSSPs like CyberMaxx, which is aggregating data from multiple sources simultaneously, effective visualizations and reporting are critical to ensuring their security services stay ahead of the curve so their customers can make quick decisions and reduce their risk of a breach. Now with Logi Info, CyberMaxx is improving its data analytics and reporting capabilities while still retaining the technological flexibility that has made it an effective cybersecurity partner to enterprises for more than 15 years.

"Enterprises are dealing with an increasing volume of threats, and MSSPs entrusted with protecting these firms can't afford to lose their knowledge advantage – or else breaches will only continue," says Brett Hansen, CMO at Logi Analytics. "With the Logi Symphony suite of services – including Logi Info – CyberMaxx is now able to embed powerful data analytics, reporting, and visualization capabilities into their MAXX suite of managed services – equipping their security team and customers with the threat visibility and actionable data insights that are the difference between partner safety and business disruption."

CyberMaxx has been providing managed security services to enterprises for over 15 years, focusing on the three pillars of people, process, and technology to prevent, detect, and respond to cyberattacks. Notably, CyberMaxx provides specialized managed security services to enterprises in the healthcare, financial services, and retail sectors, which requires premier cybersecurity expertise as well as a thorough understanding of the specific compliance needs of each sector. Its 24/7/365 security operations center (SOC) and cybersecurity team are more critical than ever for these organizations, and with Logi Info CyberMaxx can give customers greater threat intelligence and reporting features that will prevent, detect and respond to breaches faster than ever before.

"CyberMaxx is constantly pushing forward to anticipate our customers' needs and provide the highest level of service in our industry, which is evidenced today by our 99% customer retention rate. The partnership with Logi and the combined force of the CyberMaxx and Logi teams have delivered an innovative data analytics platform with powerful dashboards that will help our customers prevent costly breaches," said Thomas Lewis, CEO of CyberMaxx.

CyberMaxx can use Logi Info as part of its broader Logi Symphony subscription, which provides the MSSP with access to the full Logi Analytics software suite for a single, set price. As CyberMaxx's analytics needs grow over time, they'll be able to take advantage of the full breadth of Logi Analytics' cutting-edge embedded analytics tools with ease and cost-efficiency.

Logi Analytics' experience and understanding of embedded analytics is critical to cybersecurity operations for organizations in 2020 and beyond. These tools help improve visibility of threats and new or overlooked attack vectors, while making it easier for IT professionals to analyze and act on the data without disrupting application workflow. For MSSPs, these capabilities are taking on ever-increasing importance as enterprises move more of their IT operations to the cloud while the number of endpoint devices increases significantly, particularly in the wake of the COVID-19 pandemic and the broader shift to remote work as a result.

About Logi Analytics

Logi Analytics empowers the world's software teams with the most intuitive, developer-grade embedded analytics solutions and a team of dedicated people, invested in your success. Logi leverages your existing tech stack, so you can quickly build, manage and deploy your application. And because Logi supports unlimited customization and white-labeling, you have total control to make the application uniquely your own. Over 2,200 application teams have trusted Logi to help power their businesses with sophisticated analytics capabilities.

About Cybermaxx

CyberMaxx prevents, detects, and responds to cyberattacks for healthcare organizations. CyberMaxx equips its customers with a 24/7/365 security operations center with services including endpoint threat detection and response, network-based threat detection and prevention, security information and event management (SIEM) with advanced data analytics, vulnerability risk management, and incident response services.
