Making memcpy(NULL, NULL, 0) well-defined
C2y makes memcpy(NULL, NULL, 0) and other zero-length operations on null pointers well defined. This removes a source of bugs that may result in security issues.
C2y makes memcpy(NULL, NULL, 0) and other zero-length operations on null pointers well defined. This removes a source of bugs that may result in security issues.
Find out what's new in Red Hat Enterprise Linux (RHEL) 9.5, including enhancements for workloads, container management and security, and Identity Management.
Log4Shell exposed a massive security gap in widely used open-source software. Learn how a multidimensional analysis approach can help you prevent the next big vulnerability in your stack.
Explore how to modify a non-standard library cryptography operation to call into OpenSSL conditionally based on system FIPS requirements.
As cyber threats become increasingly sophisticated, organizations need robust
Aside from naming and versioning, managing sensitive assets, like credentials, is one of the more challenging aspects in technology. So, why is it so difficult? Well, to start off. What may be considered a sensitive asset to one individual or organization may not be the same as another. Also, given that there are so many different ways that sensitive assets can be managed, there is no universally accepted method available.
The challenges that encompass how sensitive assets are handled also apply to image mode, a new method that enables building and deploying Operating Systems using similar tools and approaches as any other traditional container. In this article, we will discuss the types of sensitive assets that apply to image mode for RHEL specifically and how to design appropriate workflows to incorporate secure practices within all phases, from build and deployment to runtime.
1.0.2 Maintenance Release Announcement In case you were wondering why there hasn
Find out how you can track and report on vulnerabilities across a large container registry like Quay.io using Clair, the open source container security tool.
Explore the benefits of hosted control planes, a new deployment model for Red Hat OpenShift Service on AWS based on the HyperShift open source project.
Explore Rust features that can help you write more secure code, along with techniques and tips to help make software more resilient to attacks.
Download this e-book to learn key concepts for building security into your software supply chain, along with best practices for implementation.
Learn the basics of OperatorPolicy, a new kind of resource, and how you can use it to manage Operator Lifecycle Manager resources across a fleet of clusters inside the policy framework.
Learn how Red Hat Insights can synchronize its system tags with external sources, such as Amazon Elastic Compute Cloud (EC2) and Microsoft Azure.
Join Red Hat Developer for the software and tutorials to develop cloud applications using Kubernetes, microservices, serverless and Linux.
Learn about the ComplianceAsCode project for Red Hat OpenShift, which aims to provide security and compliance content for various distributions and products.
Explore the benefits of testing Ansible content within Red Hat OpenShift Dev Spaces.
This article demonstrates how to install Ansible lint and provides examples of how it improves playbook debugging and saves time.
Discover more about Red Hat Trusted Application Pipeline, a secure and easy solution for the DevSecOps outer loop.
This article demonstrates how to install MSSQL using Ansible Vault, an Ansible Automation Platform feature, to protect sensitive information.
Learn how the FORTIFY_SOURCE feature in the GNU C library improves C code security by detecting and preventing buffer overflow, and more.
Learn how to deploy single sign-on as code using GitOps in this demonstration.
Learn about OS command injection attacks and 4 essential best practices to prevent them.
Discover how to improve application and library security at the source with _FORTIFY_SOURCE macro defined to 3 and how it impacts performance.
Valgrind can be used to track file descriptors. Learn how to find file descriptors at various stages of your program and where they were originally opened.