A new initiative, the Open Source Computer Emergency Response Team (oCERT), has been set up, with Google as one of the main sponsors (read more here: Contributing to Open Source Software Security).
The oCERT project is a public effort providing security handling support to Open Source projects affected by security incidents or vulnerabilities, just like national CERTs offer services for their respective countries.
The service aims to help both large infrastructures, like major distributions, and smaller projects that can’t afford a full-blown security team and/or security resources. This means aiding coordination between distributions and small project contacts. The goal is to reduce the impact of compromises on small projects with little or no infrastructure security, avoiding the ripple effect of badly communicated or handled compromises, which can currently result in distributions shipping code which has been tampered with.
It’s a pretty interesting project and I hope it takes off – it will be a good place to gather information for small and large open source projects alike and make things more secure for everyone involved.
Check it out here: