Prioritizing Software Security in the Changing Linux Landscape

Posted on November 2, 2021
Author: RunSafe Security

In a recent webinar hosted by RunSafe Security, moderator Nick Rea, Customer Engineering Leader at Google Cloud, guides a discussion on changing Linux distributions. Learn how containers and cloud services impact security from panelists with expertise in linux, software security, and technology research:

  • Greg Kurtzer, CEO of Ctrl IQ, original CentOS author, and founder and creator of Rocky Linux, a community-driven effort to offer enterprise-grade, production-ready Linux
  • Brad LaPorte, former analyst at Gartner, a technology research and consulting company
  • Doug Britton, CTO of RunSafe Security, a solution that immunizes software from cyber attacks and disrupts bad actor economics without developer friction

Linux Open Source Software Evolutions Can Leave You Vulnerable

Linux is a prevalent component of nearly every workload: more than 90% of cloud workloads and 70% of web servers run on it. Like all technology solutions, Linux has continued to evolve over time, potentially opening you up to new cyber security threats. Bad actors often have an advantage because they are working against known security measures and the cloud has made it easier to share information on successful entry points. That means it’s vital you stay on top of known and potential vulnerabilities.

LaPorte offered some sobering data when commenting on how the security landscape has changed:

  • Malware families alone have grown 40% year over year since 2019 and 500% over the past decade.
  • The IBM Exforce Threat Intelligence Index shows exploits are now the main attack vector, bumping phishing from its decade-long run as the #1 entry point.
  • Somewhere in the past 30+ years, Linux went from “secure by default” to showing up in the breadcrumbs of more than 90% of software security breaches.

Despite the obvious rise in bad actors exploiting vulnerabilities in Linux operating systems, the increase can’t be chalked up to any brand new techniques—buffer overflows are still the biggest threat. What has changed, according to Kurtzer, is the sheer scope of this popular open source software, which leads to additional entry points and increased risk. Containers compound these vulnerabilities, allowing user spaces to be packed up and moved around independently of the core operating system.

According to Kurtzer, two big container missteps that can reduce security are: not having good provenance that allows you to see where the containers come from, and the byte rot associated with continuous deployment without management, updates, or visibility.

With Linux driving more workloads that run the cloud, it’s important to remember that the same types of attacks work across containers, cloud-based systems, and physical servers. As Kurtzer noted, the cloud often provides a double threat to security, making cyber security attacks more effective and easier to scale while simultaneously making the job of effectively monitoring and managing entry points more difficult.

Addressing Vulnerabilities in Open Source Software

Risk is directly related to how much visibility you have into the depths of your software. The nature of open source software means people not employed by you or your company have the ability to submit code, which in turn means you could be blind to risks contained within it. Put plainly, what you don’t know can hurt you.

Distilling down to the essentials, Britton offered two key questions that can help determine your level of risk:

  • Do you have a complete bill of materials for your software, including open source? Being able to see and explain the purpose of every piece of code in all of your software helps you lay the foundation for understanding and mitigating vulnerabilities.
  • Do you have visibility into the kind of malicious activity each type of code is vulnerable to? The web app on top of the stack might be the easiest to notice, but the compiled code and aspects of an operating system that exist underneath it constitute latent risks.

These questions get to the heart of why visibility is so vital—because bad actors are always trying to get one level below where your software security efforts are located. That means that attacks are progressively moving farther down the stack while a lot of focus has been on the surface level like antivirus protection, multi-factor identification, and Linux-based solutions for endpoint protection.

LaPorte noted that most industry solutions are almost the inverse of how software security should work. He and Britton both agreed that traditional security methods have huge gaps and the focus should be on hardening the software to prevent changes and stop attacks at the code level.

“Too many times, we’ve seen people think that because they’ve tied off one layer that vulnerabilities elsewhere in the stack just don’t matter,” said Britton. “And what I think that history has shown us that it’s a bit of a naive assumption because bad actors are good at taking your assumptions and turning them on their ear. Being able to provide that hardening for everything that is in memory is essential.”

RunSafe Builds in Software Security from the Bottom Up

RunSafe Security’s patented Alkemist technology helps secure software during the build, leveraging both Moving Target Defense (MTD) and Runtime Application Self-Protection (RASP) techniques to prevent bad actors from weaponizing vulnerabilities. According to both Kurtzer and Britton, MTD models are proving to be incredibly helpful in mitigating buffering overflow attacks by removing predictability. RunSafe Security and CIQ have teamed up to integrate RunSafe’s Alkemist:Code technology within CIQ’s platform.

Now, cyber hardening technologies offered by Alkemist:Code are available to Rocky Linux users with no extra effort. The virtually unbreakable code won’t slow down development or runtime speeds and offers new ways to leverage containers for security. By adding RunSafe’s Alkemist: Code into a build, Rocky Linux users effectively bake in the most advanced cybersecurity protection tools that will move with that container wherever it goes.

In addition, access to the mighty but easy-to-use Alkemist: Code means that Rocky Linux users can take advantage of protections while maintaining accessibility for those who don’t have decades of expertise in open source software security, making it a truly turnkey solution that mitigates vulnerabilities from the bottom up.

As the Linux landscape evolves, software security is getting harder. Learn from expert panelists how you can identify software security vulnerabilities and implement security protections, in this webinar.

 

FAQ:

How has the security landscape changed?

  • Malware families alone have grown 40% year over year since 2019 and 500% over the past decade.
  • The IBM Exforce Threat Intelligence Index shows exploits are now the main attack vector, bumping phishing from its decade-long run as the #1 entry point.
  • Somewhere in the past 30+ years, Linux went from “secure by default” to showing up in the breadcrumbs of more than 90% of software security breaches.

How do you determine your level of risk?

  • Do you have a complete bill of materials for your software, including open source? Being able to see and explain the purpose of every piece of code in all of your software helps you lay the foundation for understanding and mitigating vulnerabilities.
  • Do you have visibility into the kind of malicious activity each type of code is vulnerable to? The web app on top of the stack might be the easiest to notice, but the compiled code and aspects of an operating system that exist underneath it constitute latent risks.

How can you easily prevent software vulnerabilities?

Now, cyber hardening technologies offered by Alkemist:Code are available to Rocky Linux users with no extra effort. The virtually unbreakable code won’t slow down development or runtime speeds and offers new ways to leverage containers for security. By adding RunSafe’s Alkemist: Code into a build, Rocky Linux users effectively bake in the most advanced cybersecurity protection tools that will move with that container wherever it goes.

RunSafe Security’s 2025 Product Security Predictions

RunSafe Security’s 2025 Product Security Predictions

Product security has come a long way since  the early 2000s to the current iterations we’re seeing today. From CISA’s focus on Secure by Design to the growing emphasis on software supply chain security, software manufacturers, software buyers, and regulatory...

read more