Red Hat Security Blog: January 2013 archives

  • A minimal security response process

    This blog post outlines a lightweight security response process for community upstream projects: What you (as a project maintainer or contributor) can do to be prepared for incoming reports of security vulnerabilities, and to eventually respond with a security update. This is purely reactive - it is not about not shipping vulnerable code in the first place. But it is an important step in the right direction, and one that requires relatively little effort. Release engineering Without a minimal...
    Posted 2013-01-30T13:00:12+00:00 - 0
  • Detecting vulnerable Java dependencies at build time

    Background Java is a very popular programming language. Two key reasons for its popularity are security and the availability of a huge ecosystem of libraries and components. Since most Java applications make use of a wide range of libraries, which in turn have dependencies on other libraries, it is difficult to ensure the integrity of these applications from a security perspective. A recent study by Aspect security has revealed the significance of this problem. This study found that 26% of...
    Posted 2013-01-02T13:00:20+00:00 - 0