Today we are happy to announce Snapchange, a new open source fuzzing tool from the AWS Find and Fix (F2) open source security research team.
AWS will be directly funding $500,000 to the Open Source Technology Improvement Fund (OSTIF) as a portion of our ongoing investments in supply chain security.
Security is our top priority at AWS. As a result, we are committed to contributing to the quality and safety of open source software. We see great value in contributing both engineering efforts and also projects, tools, training, and guidelines to help improve the security of open source software. These efforts benefit us, our customers, […]
Bottlerocket is an open source Linux-based operating system from Amazon that was purpose built for running containers with a strong emphasis on security. The result is an operating system that comes with a variety of built-in controls for creating a secure environment for running containerized workloads. In this post, we’ll explore several of the security […]
Organizations running workloads in Amazon Web Services (AWS) often must search and analyze logs to troubleshoot or investigate operations, governance, or security events. Amazon Athena enables AWS customers to search and analyze log data directly from in Amazon Simple Storage Service (Amazon S3) using standard SQL queries. Additionally, we understand that customers need a common […]
This post was written by Victor Julien, Kelley Misata, Shakeel Ahmad, and Maritza Mills. Suricata is a fast, robust, open source network threat detection engine that includes real-time intrusion detection (IDS), an inline intrusion prevention system (IPS), network security monitoring (NSM), and offline packet capture (pcap) processing. Suricata is owned by the community-run, non-profit Open […]
This article is a guest post from 418sec co-founders Adam Nygate, Jake Mimoni, and Jamie Slome. Dependency on open source code has grown over the years, and as new open source technologies are introduced, so are more vulnerabilities. Review by “many eyes” helps secure open source software, and depends on exposing the code to as […]
We are excited to announce that we are making new Open Distro for Elasticsearch security features available on Amazon Elasticsearch Service. Amazon Elasticsearch Service is frequently used for sensitive enterprise workloads, and today’s launch adds multiple capabilities to give you even tighter control over your data. New features include the ability to use roles to […]
中文版 One of the popular options for automated security, compliance, and cost management solutions in the cloud is Cloud Custodian, an open source project sponsored by Capital One. Cloud Custodian is a flexible rules engine with policies written in simple YAML configuration files, with support for over 144 AWS resource types. However, because Cloud Custodian […]
中文版 In 2015, AWS introduced s2n, a new open source implementation of the TLS/SSL protocols that protect the privacy and integrity of data moving over a network. s2n was designed to be secure, simple, small, and fast. The project is thriving, and we use it extensively. In February, our CISO Stephen Schmidt shared that “we […]