Open Security News week 11-2022

FOSS inside does not mean the software is any better than proprietary software. We believe in open and simple cyber security solutions. Openness and transparency build trust. There are no silver bullets when it comes to cyber security.

1 Steal Data During Homomorphic Encryption

Homomorphic encryption is considered a next generation data security technology, but researchers have identified a vulnerability that allows them to steal data even as it is being encrypted.


2 Plausibly deniable encryption

Nice read on rubber-hose cryptanalysis or, in plain language: the extraction of cryptographic secrets by beating a person. Read this if you want to protect freedom and be more resilient against torture practices when using encryption.


3 The right thing for the wrong reasons: FLOSS doesn’t imply security

Don’t assume software is safer than proprietary alternatives just because its source is visible; come to a conclusion after analyzing both. FLOSS is obviously preferable from a security perspective. But source availability does not imply security. So use e.g. the OpenSSF Best Practices Badge.


4 Apache Ranger: Policy Model

Apache Ranger is an extensible framework that enables enterprises to adopt a consistent approach to authorize access to their resources across multiple services/applications/cloud. Apache Ranger framework also enables enterprises to collect audit logs of access to their resources, to help meet various compliance requirements.

5 Firmware Software Bill of Materials

I’m not yet a big fan of SBoMs as a measure for reducing security risks. But this blog gives me a new perspective and again points at some advantages. A Software Bill of Materials (aka SBoM) is something you’ve probably never heard of, but in future years they’ll hopefully start to become more and more important.

6 How to secure your data in less than 10 minutes

Don’t wait for the next data privacy settlement or breach. Data Privacy Day has come and gone. I like simple security solutions that help. Simple security measures can make a big difference. This is a great post full of simple tips.

7 Gartner: 7 Security and Risk Management Trends for 2022

I don’t like Gartner reports. Predictions without a scientific basis are suspicious. But governments and large enterprises take Gartner predictions seriously. So it is always good to be aware of Gartner trend reports. In a recent report, Gartner outlined seven trends impacting cybersecurity and risk management practices in the coming year.

8 How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

Cyber assurance, which is the ability to operate under the onslaught of cyber attacks and other unexpected events, is essential for organizations facing inundating security threats on a daily basis. Organizations usually employ multiple strategies to conduct risk management to achieve cyber assurance.
(arXiv Link)

9 The 1980s news report on early internet virus

Continuous learning is key for cyber security. But learning should be fun. So check this story on a computer virus in 1980. Named after its creator, the Morris Worm was one of the first programs to replicate itself via vulnerabilities in networked computer systems.


The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measures is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.