|
Source: net-security - Posted by Bill Keys
|
The Tokeneer project was commissioned by the NSA from Praxis High Integrity Systems as a demonstrator of high-assurance software engineering. Developed using Praxis’ Correctness by Construction (CbyC) methodology it uses the SPARK Ada language and AdaCore’s GNAT Pro environment. The project has demonstrated how to meet or exceed Evaluation Assurance Level (EAL) 5 in the Common Criteria thus demonstrating a path towards the highest levels of security assurance.
Have you heard the NSA has released their security research project called Tokeneer as open source? I found interesting about the project is that it uses the SPARK Ada programming language. What do you think about this project?Write Comment |
|
|
Source: nsa.gov - Posted by Bill Keys
|
NSA initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities. NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products. The objective of the NSA research program is to develop technologic advances that can be shared with the software development community through a variety of transfer mechanisms. NSA does not favor or promote any specific software product or business model. Rather, NSA is promoting enhanced security.
The NSA has new page on their site with information on a tons of security resources for both open source and proprietary software. Check it out you might learn something new.Write Comment (1 Comments) |
|
|
Source: us-cert - Posted by Bill Keys
|
US-CERT is aware of active attacks against linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed.
Phalanx2 appears to be a derivative of an older rootkit named "phalanx". Phalanx2 and the support scripts within the rootkit, are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site.
The US-CERT released on there list of security vulnerability, a attack on SSH keys. If you want more detail on this security risk check out this article on their site.
Write Comment (2 Comments) |
|
|
Source: gcn - Posted by Bill Keys
|
NSA takes its Flask architecture to the open-source community to offer an inexpensive route to trusted systems.Architecture created by the National Security Agency and expanded with help from the open-source community will save the Defense Department and intelligence agencies millions in hardware costs.
With Flask, “we can guarantee that high-integrity data can’t be corrupted by untrustworthy entities or that sensitive data doesn’t leak to untrustworthy entities,” said Stephen Smalley, one of the chief developers of Flask at NSA. The best part is that the technology requires no specialized hardware or operating system.
What do you think about the Flask architecture? This article looks at this security architecture and how SELinux came about from it and it's impact on open source security.Write Comment |
|
|
Source: lwn.ne - Posted by Bill Keys
|
SAN FRANCISCO - May 20, 2008 - CoverityT, Inc., the leader in improving
software quality and security, today announced the availability of the Scan
Report on Open Source Software 2008. The Coverity Scan site was developed
with support from the U.S. Department of Homeland Security as part of the
federal government's 'Open Source Hardening Project.' The report is based on
2 years of analysis of more than 55 million lines of code on a recurring
basis from over 250 popular open source projects with Coverity PreventT, the
industry-leading static source code analysis solution.
This projects seems to be on the right track in improving open-source security. What do you think? Will this project make a big impact on code quality and security?Write Comment |
|
|
|
<< Start < Prev 1 2 3 Next > End >>
|
| Results 1 - 9 of 1080 |