Some of the biggest names in security have banded together for a new industry initiative to make it easier for different security technologies to work together.
Keeping software secure isn't just the developer's job. GitHub is strengthening its ecosystem with tools for developers, researchers, and project maintainers to identify and fix software vulnerabilities.
Bug bounty programs fill a need, but the European Union's offer to pay bug bounties for vulnerabilities in open source forgets one thing: projects don't need more flaws. Open source projects need people to fix the flaws.
With a 9.8 rating on the Common Vulnerability Scoring System, the privilege escalation flaw in the container orchestration system Kubernetes is as bad as it can get. Any user will be able to remotely gain full administrator privileges on any node in the cluster.
Netflix has released a desktop version of its open source Stethoscope security health check tool, which provides detailed information on how to fix security issues on a device.