Project Zero looked at fixed bugs that had been reported between January 2019 and December 2021. The researchers found that open-source programmers fixed Linux issues in an average of only 25 days. In addition, Linux’s developers have been improving their speed in patching security holes from 32 days in 2019 to just 15 in 2021.
Soon both Google Chrome, the most popular of all web browsers, and the Firefox web browser will release their 100th version. Now, besides just being a cool number, there are technical issues that come with these anniversary releases. Some of those issues may cause your websites to fail.
Tigera claims you can catnap about your container security with its new cloud-native application protection platform (CNAPP) for its Calico Cloud. If the name sounds familiar, there’s a reason. Gartner defined CNAPP as an emerging category of security programs. Its point is to secure cloud-native applications from development to production. Tigera is far from the only company working on this approach. What Tigera brings to this clowder of napping cats is zero trust.
These days it’s not uncommon to interview someone over Zoom and never actually meet them in person. A friend recently told me they hired a great candidate for their Kubernetes senior engineer position. This was a big deal. Kubernetes-savvy people are rarer than hen’s teeth. The person they hired showed he had the technical chops they needed and made it through three rounds of interviews with flying colors.
They offered him the position. He accepted, went through onboarding, showed up at his first real virtual meeting—and it wasn’t the same guy.
He literally wasn’t the person they’d interviewed. He didn’t look the same, didn’t talk the same, and most important of all, he didn’t have the job skills they needed. My buddy told me, “It was clear after five minutes that he may have taken some Kubernetes classes, but he’d never really worked with it.”
Words fail me. I’m used to people lying about their skills, exaggerating their experience, or padding their résumés. We all are. But this? This takes it to a new level.
Linux is largely secure. Sure, it has security problems like any other operating system, but they tend to get fixed quickly and completely. Unfortunately, if you don’t install Linux correctly on your servers or clouds, while you may not be as vulnerable as if you were running Windows XP, you’re still in danger. VMware Threat Analysis Unit (TAU) explores these threats in detail in its new report, Exposing Malware in Linux-based Multi-Cloud Environments.
Let’s start with what we all know. Linux is the top cloud operating system. Linux also powers over 78% of the most popular websites. Hackers aren’t stupid. They know that they can make more bucks from targeting clouds wholesale than going after Windows PCs retail. So, they’re increasingly targeting vulnerable Linux-based systems.