Today, almost everything includes open source software. Understanding your software’s supply chain tells you how secure it is, just like knowing where your food comes from helps you decide if it’s safe to eat.
In this issue: Security and open source software
- How do you know if your software is secure?
- FEATURED Container security: What’s inside counts
- Shellshock: How IKEA patched 3,500 servers in 2.5 hours
- What IT pros think about security in 2016
- 2016 security trends | Open source means stronger security | Security infographic
- Recommended | Red Hat news and more | Events
From the editor
How do you know if your software is secure?
Software is like food: To know it’s safe, you need to know where it comes from and what’s in it.
Today, almost everything includes open source software—from TVs to space probes to enterprise apps. Your business software likely includes third-party, open source components, too. Understanding your software’s supply chain tells you how secure it is, just like knowing where your food comes from helps you decide if it’s safe to eat. Ask your vendors where their software comes from, and if they:
- Closely track upstream projects.
- Inspect, test, secure, log, and digitally sign everything from the community that goes into their commercial software.
- Supply high-quality security updates and monitor sources for ongoing threats.
- Have a dedicated product security team that can cut through the hype of branded threats, like Shellshock and Heartbleed, and patch the problem quickly.
- Have clearly defined software life cycles.
If your vendors can’t answer these questions, you might want to rethink those relationships.
Watch the “Securing the software supply chain” webinar to learn more
Container security: What’s inside counts
“[A container is] an image that contains just what you need that you run only when you need it,” explains Josh Bressers (@joshbressers), security strategist at Red Hat, in his article Securing containers before they take over the world. “There isn’t a bunch of extra software installed and running.”
Less stuff means less risk, right? Not exactly. And with the growing use of containers, it’s time to get serious about securing them.
Read the article
Shellshock: How IKEA patched 3,500 servers in 2.5 hours
IKEA runs 3,500 Red Hat® Enterprise Linux® servers in 35 countries. Red Hat notified IKEA of the Shellshock bug on the day it was reported, and 2 people at IKEA patched all the servers in just 2.5 hours.
How? With Red Hat Satellite.
But the real story is how IKEA's servers are standardized and up to date. This plus unified system management helps IKEA quickly react to major events like Shellshock.
Watch the “IKEA vs. Shellshock” webinar for details
10 rules of SOEs
A standardized operating environment can simplify your IT structure—but it takes planning. Download the e-book.
"Secure Foundations" virtual event
Watch part 1 and part 2 sessions on demand.
Top security concerns: What IT professionals think
Source: TechValidate Research on Red Hat Enterprise Linux
- 47% Potential loss of customer trust
- 36% Poor employee security practices
- 33% Risks from outside breaches
- 14% Unpatched or unpatchable devices
See the full results
More to learn
Network World: 5 security trends to watch for 2016
With the average cost of a data breach (US$3.79 million) expected to grow this year, you might want to keep these major security trends in mind when updating your InfoSec plans for 2016.
Is your open source software less secure?
“There is no such thing as perfect security. …the goal of locking up your valuables is not to make them impossible to steal, but rather expensive to steal.”
Read the article
Infographic: Your guide to IT security and open source
Find out what CIOs, Fortune 500 leaders, and industry experts think about IT security and enterprise open source software.
Around the web
- Apache: Big Data - May 9-12 - Vancouver, BC, Canada
- DrupalCon - May 9-13 - New Orleans, LA
- ApacheCon - May 11-13 - Vancouver, BC, Canada
- OSCON - May 16-19 - Austin, TX
- PGCon - May 17-21 - Ottawa, ON, Canada
- Red Hat Technical Event Series: Containers in the Enterprise
- Seattle, WA - May 3
- Portland, OR - May 4
- San Diego, CA - May 5
- Washington, D.C. - May 10
- Indianapolis, IN - June 2
- Miami, FL - June 9
- Red Hat Summit - June 27-30 - San Francisco, CA
Subscribe to Red Hat Shares