AWS Open Source Blog

Category: Security

AWS Open Source logo.

AWS Investing an Additional $10 Million in Open Source Supply Chain Security

Security is our top priority at AWS. As a result, we are committed to contributing to the quality and safety of open source software. We see great value in contributing both engineering efforts and also projects, tools, training, and guidelines to help improve the security of open source software. These efforts benefit us, our customers, […]

Read More
kras99 - stock.adobe.com internet digital security technology concept for business background. Lock on circuit board

Security features of Bottlerocket, an open source Linux-based operating system

Bottlerocket is an open source Linux-based operating system from Amazon that was purpose built for running containers with a strong emphasis on security. The result is an operating system that comes with a variety of built-in controls for creating a secure environment for running containerized workloads. In this post, we’ll explore several of the security […]

Read More
kras99 - stock.adobe.com internet digital security technology concept for business background. Lock on circuit board

Introducing AWS Security Analytics Bootstrap

Organizations running workloads in Amazon Web Services (AWS) often must search and analyze logs to troubleshoot or investigate operations, governance, or security events. Amazon Athena enables AWS customers to search and analyze log data directly from in Amazon Simple Storage Service (Amazon S3) using standard SQL queries. Additionally, we understand that customers need a common […]

Read More
Song_about_summer – stock.adobe.com

Scaling threat prevention on AWS with Suricata

This post was written by Victor Julien, Kelley Misata, Shakeel Ahmad, and Maritza Mills. Suricata is a fast, robust, open source network threat detection engine that includes real-time intrusion detection (IDS), an inline intrusion prevention system (IPS), network security monitoring (NSM), and offline packet capture (pcap) processing. Suricata is owned by the community-run, non-profit Open […]

Read More

How a startup wants to help secure the open source ecosystem with huntr, a bug bounty board

This article is a guest post from 418sec co-founders Adam Nygate, Jake Mimoni, and Jamie Slome. Dependency on open source code has grown over the years, and as new open source technologies are introduced, so are more vulnerabilities. Review by “many eyes” helps secure open source software, and depends on exposing the code to as […]

Read More
Open Distro for Elasticsearch logo.

Launching Open Distro for Elasticsearch security features on Amazon Elasticsearch Service

September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. Visit the website to learn more. We are excited to announce that we are making new Open Distro for Elasticsearch security features available on Amazon Elasticsearch Service. Amazon Elasticsearch Service is frequently used for sensitive enterprise workloads, and today’s launch adds multiple […]

Read More
Security Hub Cloud Custodian logo

Announcing Cloud Custodian Integration with AWS Security Hub

中文版 One of the popular options for automated security, compliance, and cost management solutions in the cloud is Cloud Custodian, an open source project sponsored by Capital One. Cloud Custodian is a flexible rules engine with policies written in simple YAML configuration files, with support for over 144 AWS resource types. However, because Cloud Custodian […]

Read More

Better Random Number Generation for OpenSSL, libc, and Linux Mainline

中文版 In 2015, AWS introduced s2n, a new open source implementation of the TLS/SSL protocols that protect the privacy and integrity of data moving over a network. s2n was designed to be secure, simple, small, and fast. The project is thriving, and we use it extensively. In February, our CISO Stephen Schmidt shared that “we […]

Read More