Linux and Security

Image via Creative Commons, modified by Both.org

Security is a critically important part of using and administering computers in our ultra-connected world. With Linux running almost all the Internet’s infrastructure, including most web sites, the world’s financial foundation, and ever more desktop users, it has become a lucrative target for crackers.

Knowing and understanding the threats that jeopardize the safety and security of our computers is crucial for security, system, and network administrators.

There are two web sites that collect information about cybersecurity vulnerabilities, and one of them focuses on Linux.

CVE: Common Vulnerabilities and Exposures

The CVE: Common Vulnerabilities and Exposures website has been around for 25 years. The mission of the CVE^® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There are currently more than 280,000 CVE records in their database which covers all operating systems and software.

CVE partners and end users can report vulnerabilities which are given identifiers, such as CVE-2025-1234, and entered into the CVE database. The database is open and free to search by anyone. Anyone can also submit reports of vulnerabilities for possible inclusion in the database.

The CVE website provides educational and informative links that cover specific vulnerabilities as well as more general security best practices. It also provides downloads of the complete CVE database for local use.

Some general news organizations and several cybersecurity focused newsletters and websites report on some of the most dangerous vulnerabilities, but checking the site for the most recent entries is important to stay fully informed. They also have a newsletter

CVE is one of the most critical pillars of cybersecurity infrastructure on the planet and it’s currently in trouble. One of the CVE sponsors is the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) which, due to the idiots in the U.S. government, cut off funding of CVE for what turned out to be a short time. This time. Funding was restored after a few days, but CVE itself is vulnerable in these tumultuous times.

Linux Security

The Linux Security website focuses on vulnerabilities that affect Linux and open source software. It contains news, advisories, and how-to articles that can provide guidance in enhancing the security of Linux hosts and networks. The Linux Security organization has been around since 1996.

Their news, advisories, and must-read articles highlight the most critical threats and security issues. They also have email newsletters and I subscribe to them to ensure that I am getting the very latest information. I’ve used the information in the newsletter to verify that my systems are as secure as possible on several occasions. I typically get two to four newsletters a week. They seem to send them as necessary rather than on a set schedule. The latest one came in as I was writing this. Its subject: “Critical Debian 12.11 Update: Must-Know Fixes.” There’s also a corresponding article on the website, Debian 12.11 Released with 81 Bug Fixes & 45 Security Updates.

I like the newsletters as an alert system, and because they describe the threats in detail along with mitigation procedures.

Parting thoughts

Security for Linux systems is becoming more critical as the threat profiles grow. Having knowledge about the specific threats and the methods to mitigate them is an important part of our cybersecurity toolkit. These two web sites provide information and insights that allow us to harden our Linux systems as much as possible.