The Victims project is a Red Hat initiative that aims to detect known vulnerable dependencies in Java projects and deployments. Our initial focus was Java…read full post

All classes which implement the java.io.Serializable interface can be serialized and deserialized, with Java handling the plumbing automatically. In the first part of this two-part series, we look …read full post

In the mid-1990s Secure Sockets Layer (SSL) was introduced for securing network communications.  The released version, version 2, contained several security holes and was quickly updated to…read full post

We live in an electronic age. Nowadays, more and more manifestations of human identity are available via electronic media. Besides advantages, this facility brings challenges…read full post

In February 2013, President Obama signed an executive order to help increase the cybersecurity of public utilities across the United States by protecting their critical…read full post

GCC upstream and Fedora 19 recently improved the stack smashing protector. Each time we add more security instrumentation, we also uncover some previously hidden bugs…read full post

Cryptology is a young science. Though it has been used for thousands of years to hide secret messages, systematic study of cryptology as a science (and perhaps…read full post

TLS or Transport Layer Security is one of the most widely used protocols on the Internet.  A replacement for SSL, when you visit a website…read full post

If you are on the Internet then you more than likely have used encryption whether you knew it or not.  Logging into the Gmail™ webmail…read full post

Recently, we've partnered with the folks at Tech Target to survey a group of public sector IT decision makers to uncover some of the priorities…read full post