Red Hat Security Blog: January 2013 archives

  • A minimal security response process

    This blog post outlines a lightweight security response process for community upstream projects: what you (as a project maintainer or contributor) can do to be prepared for incoming reports of security vulnerabilities, and to eventually respond with a security update. This is purely reactive - it is not about not shipping vulnerable code in the first place. But it is an important step in the right direction, and one that requires relatively little effort. Release engineering: Without a minimal...
    Posted 2013-01-30T13:00:12+00:00 - 0
  • Enterprise Linux 5.8 to 5.9 risk report

    Red Hat Enterprise Linux 5.9 was released this month (January 2013), just under a year since the release of 5.8 in February 2012. So let's use this opportunity to take a quick look back over the vulnerabilities and security updates made in that time, specifically for Red Hat Enterprise Linux 5 Server. Red Hat Enterprise Linux 5 is coming up to its sixth year since release, and will receive security updates until March 31st 2017. Errata count: The chart below illustrates the total number of...
    Posted 2013-01-16T13:00:55+00:00 - 0
  • Detecting vulnerable Java dependencies at build time

    Background: Java is a very popular programming language. Two key reasons for its popularity are security and the availability of a huge ecosystem of libraries and components. Since most Java applications make use of a wide range of libraries, which in turn have dependencies on other libraries, it is difficult to ensure the integrity of these applications from a security perspective. A recent study by Aspect Security has revealed the significance of this problem. This study found that 26% of...
    Posted 2013-01-02T13:00:20+00:00 - 0