As IT workers continue their daunting job of protecting network users from bad guys, a few new tools might help stem the tide of vulnerabilities that continue to link open source and proprietary software.
Canonical and Microsoft reached a new agreement to make their two cloud platforms play nicer together. Meanwhile, Microsoft apologized to open-source software devs. But no apology was rendered for BitLocker locking out Linux users.
Let’s get caught up on the latest open-source software industry news.
Vulnerability software platform firm Rezilion on August 12 announced the availability of its new open-source tool MI-X from the GitHub repository. The CLI tool helps researchers and developers quickly know if their containers and hosts are impacted by a specific vulnerability to shorten the attack window and create an effective remediation plan.
“Cybersecurity vendors, software providers, and CISA are issuing daily vulnerability disclosures alerting the industry to the fact that all software is built with mistakes that must be addressed, often immediately,” said Yotam Perkal, director of vulnerability research at Rezilion.
“With this influx of information, the launch of MI-X offers users a repository of information to validate exploitability of specific vulnerabilities, creating more focus and efficiency around patching efforts,” he added.
“As an active participant in the vulnerability research community, this is an impactful milestone for developers and researchers to collaborate and build together,” Perkal noted.

Current tools fail to factor in exploitability as organizations grapple with a litany of critical and zero-day vulnerabilities, and scramble to understand if they are affected by that vulnerability. It is an ongoing race to figure out the answer before a threat actor does.
To make this determination, organizations need to identify the vulnerability in their environment and ascertain whether it is truly exploitable, so that they can put a mitigation and remediation plan in place.
Current vulnerability scanners take too long to scan, do not factor in exploitability, and often miss it altogether. That is what happened with the Log4j vulnerability. The lack of tools gives threat actors a lot of time to exploit a flaw and do major damage, according to Rezilion.
The introduction of MI-X is the first of a series of initiatives Rezilion plans to foster a community around detecting, prioritizing, and remediating software vulnerabilities.
Recent data monitoring of more than 63 million computing devices across 65,000 organizations shows the Linux OS is alive and well within businesses.
New research from IT asset management software firm Lansweeper shows that even though Linux lacks the more widespread popularity of Windows and macOS, plenty of corporate devices run Linux operating systems.
Scanning data from more than 300,000 Linux devices across some 26,000 organizations, Lansweeper also uncovered the popularity of each Linux operating system depending on the total amount of IT assets managed by each organization.
The company released its findings on August 4, noting that around 32.8 million people use Linux globally, with about 90% of all cloud infrastructure and almost all the world’s supercomputers being dedicated users.
Lansweeper’s research revealed CentOS is the most widely used (25.6%) followed by Ubuntu (20.8%) and Red Hat (15%). The company did not break out the percentages for users of the numerous other Linux OS distributions in use today.
Chart shows Linux devices by company size
Lansweeper suggested that businesses demonstrate a disconnect between using Linux for its enhanced security and proactively putting security processes in place.
Two recent Linux vulnerabilities this year — Dirty Pipe in March and Nimbuspwn in April — plus Lansweeper’s new data, show that when it comes to protecting what is under their own roof, businesses are going in blind.
“It’s our belief that most of the devices running Linux are business-critical servers, which are the desired target for cybercriminals, and logic shows that the larger the company grows, the more Linux devices there are that must be protected,” said Roel Decneut, chief strategy officer at Lansweeper.
“With so many versions and ways to install Linux, IT teams are having to grapple with the complexity of tracking and managing the devices as well as trying to keep them protected from cyberattacks,” he explained.
Since its launch in 2004, Lansweeper has been developing a software platform that scans and inventories all types of IT devices, installed software, and active users on a network. This allows organizations to centrally manage their IT.
Microsoft Windows users who want to install a Linux distribution to dual boot on the same computer are now between a technological rock and a Microsoft hard place. They can thank an increased use of Windows BitLocker software for the worsening Linux dual-booting dilemma.
Developers of Linux distros are facing more challenges in supporting Microsoft’s full-disk encryption on Windows 10 and Windows 11 installations. Fedora/Red Hat engineers noted that the problem is worsened by Microsoft sealing the full-disk encryption key using the Trusted Platform Module (TPM) hardware.

Fedora’s Anaconda installer along with other Linux distribution installers cannot resize BitLocker volumes. The workaround is first resizing BitLocker volumes within Windows to create enough free space for the Linux volume on the hard drive. That useful detail is not included in what are often flimsy installation instructions for dual-booting Linux.
A related problem complicates the process. The BitLocker encryption key imposes another fatal restriction.
In order to unseal, the key must match the boot chain measurement in the TPM’s Platform Configuration Register (PCR). Using the default settings for GRUB in the boot chain for dual boot setups produces the wrong measurement values.
Users trying to dual boot then get dropped to a BitLocker recovery screen when trying to boot Windows 10/11, according to discussions of the problem on the Fedora mailing list.
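The sealing behavior described above can be modeled in a few lines. The following is an added example, not code from Fedora, Microsoft, or the mailing list discussion: it is a simplified model of a single SHA-256 PCR, and the component byte strings, the `SealedKey` class, and the `boot_outcome` helper are constructed for illustration.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_chain(components) -> bytes:
    """Replay a boot chain into one PCR, starting from the all-zero reset value."""
    pcr = bytes(32)
    for component in components:
        pcr = extend(pcr, component)
    return pcr

class SealedKey:
    """Simplified stand-in for a TPM-sealed secret bound to one PCR value."""
    def __init__(self, secret: bytes, pcr_at_seal: bytes):
        self._secret = secret
        self._expected_pcr = pcr_at_seal

    def unseal(self, current_pcr: bytes):
        # The secret is released only if the current measurement matches.
        if hmac.compare_digest(self._expected_pcr, current_pcr):
            return self._secret
        return None

# Constructed sample boot chains; the byte strings stand in for real binaries.
FIRMWARE = b"constructed-firmware-image"
WINDOWS_BOOTMGR = b"constructed-windows-boot-manager"
GRUB = b"constructed-grub-image"
WINDOWS_ONLY = [FIRMWARE, WINDOWS_BOOTMGR]
VIA_GRUB = [FIRMWARE, GRUB, WINDOWS_BOOTMGR]

VOLUME_KEY = b"constructed-volume-key"
SEALED = SealedKey(VOLUME_KEY, measure_chain(WINDOWS_ONLY))

def boot_outcome(chain) -> str:
    """Return 'unlocked' if the sealed key is released, else 'recovery'."""
    return "unlocked" if SEALED.unseal(measure_chain(chain)) == VOLUME_KEY else "recovery"

if __name__ == "__main__":
    for name, chain in (("Windows only", WINDOWS_ONLY), ("Via GRUB", VIA_GRUB)):
        print(f"{name}: PCR={measure_chain(chain).hex()[:16]}... -> {boot_outcome(chain)}")
```

Because each extend hashes the previous register value, inserting any extra component ahead of the Windows boot manager changes the final measurement, and no later step can restore the value the key was sealed against.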
Canonical and Microsoft have tightened the business knot connecting them with the common goal of better securing the software supply chain.
The two software companies on August 16 announced that native .NET is now available for Ubuntu 22.04 hosts and containers. This collaboration between .NET and Ubuntu provides enterprise-grade support.
The support lets .NET developers install the ASP.NET and .NET SDK runtimes from Ubuntu 22.04 LTS with a single “apt install” command.

In what might well be the latest case of Microsoft opening its marketing mouth to insert its stumbling foot, the company recently upset software developers by implementing a ban on the sale of open-source software in its app store. Microsoft has since reversed that decision.
Microsoft had announced new terms for its app store to take effect July 16. The new terms stated that all pricing cannot attempt to profit from open source or other software that is otherwise generally available at no cost. Many software developers and re-distributors of free- and open-source software (FOSS) sell installable versions of their products on the Microsoft Store.
Redmond maintained its new restrictions would solve the problem of “misleading listings.” Microsoft claimed FOSS licenses permit anyone to post a version of a FOSS program written by others.
However, developers pushed back noting the problem is easily solved the same way regular stores solve it — through trademark names. Consumers can tell genuine sources of software products from third-party re-packagers with trademark rules that already exist.
Microsoft has since acquiesced by removing references to open-source pricing restrictions in its store policies. The company clarified that the previous policy was intended to “help protect customers from misleading product listings.”
More information is available in the Microsoft Store Policies document.
Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
Copyright 1998-2022 ECT News Network, Inc. All Rights Reserved.