惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Recent Commits to openclaw:main
Recent Commits to openclaw:main
H
Heimdal Security Blog
SecWiki News
SecWiki News
H
Hacker News: Front Page
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
AI
AI
C
Cybersecurity and Infrastructure Security Agency CISA
Scott Helme
Scott Helme
PCI Perspectives
PCI Perspectives
S
Securelist
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cyberwarzone
Cyberwarzone
A
Arctic Wolf
Forbes - Security
Forbes - Security
T
Tor Project blog
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
I
Intezer
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
博客园 - 司徒正美
W
WeLiveSecurity
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
V2EX
P
Palo Alto Networks Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
T
Threatpost
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research

Ubuntu blog

Tracing a memory leak bug in PID 1 and contributing an upstream fix: a Linux support story | Ubuntu MAAS installation: bare metal provisioning is easier than ever | Ubuntu Januscape vulnerability CVE-2026-53359 mitigations available | Ubuntu Managing Ubuntu on bare metal at scale Ubuntu Server: a platform made for enterprise scale | Ubuntu Beyond safety and security: Why automotive open source demands dependability  | Ubuntu DirtyClone Linux kernel local privilege escalation vulnerability fixes available | Ubuntu pedit COW kernel local privilege escalation vulnerability mitigations | Ubuntu Canonical becomes Gold Sponsor of Trifecta Tech Foundation | Ubuntu Challenges designers face in open source (and how to fix them) | Ubuntu Hunting a 16-year-old SQLite bug with TLA+: is dqlite affected? | Ubuntu Anbox Cloud on C4A metal: Android, at scale, without friction | Ubuntu Canonical announces live kernel patching for Arm64 | Ubuntu How to use RISC-V custom instructions with Ubuntu | Ubuntu Ubuntu Summit 26.04: connected by open source | Ubuntu So you need to add microcontrollers to your fleet: now what? | Ubuntu Validating real-world skills through Canonical Academy | Ubuntu Virtualized Android comes to Anbox Cloud | Ubuntu Template: Streamlining open source design contributions | Ubuntu Beyond Mythos: responding to a new threat landscape | Ubuntu A look into Ubuntu Core 26: Building a local AI inference appliance in a virtual machine | Ubuntu A decade of Ubuntu on IBM Z and IBM LinuxONE | Ubuntu AI at the edge: simplifying infrastructure with Cisco and Canonical | Ubuntu The next era of telco clouds: get open infrastructure choice with Sylva and Canonical Kubernetes | Ubuntu What is RDMA over Converged Ethernet (RoCE)? | Ubuntu Beyond tokens per watt – using Ubuntu 26.04 LTS for AI | Ubuntu A look into Ubuntu Core 26: Deploying AI models on Renesas RZ/V series for production | Ubuntu RISC-V profiles – why is RVA23 significant? | Ubuntu AI with AMD ROCm on Ubuntu: your questions answered | Ubuntu Ubuntu and Ubuntu Pro on Azure Cobalt 200 VMs | Ubuntu What is InfiniBand? | Ubuntu How Canonical Support solves hard Linux performance bugs  – even in 12-year old code | Ubuntu Securing AI agent workflows on Ubuntu with the new NVIDIA OpenShell snap | Ubuntu Canonical announces optimized Ubuntu images for TPU virtual machines by Google Cloud | Ubuntu VMware hypervisor deployment using MAAS | Ubuntu Migrating from Apache Spark 3 to Spark 4 | Ubuntu Introducing Workshop: launch sandboxed development environments on Ubuntu with a single command | Ubuntu Run agentic workloads on Arm and Ubuntu | Ubuntu Decoding design: How design and engineering thrive together in open source | Ubuntu Developing web apps with local LLM inference | Ubuntu PinTheft Linux kernel vulnerability mitigation | Ubuntu Canonical announces fully Managed Kubeflow AI operations platform on the Microsoft Azure Marketplace | Ubuntu A look into Ubuntu Core 26: Cloud-powered edge computing with AWS IoT Greengrass and Azure IoT Edge | Ubuntu CVE-2026-46333 (ssh-keysign-pwn) Linux kernel vulnerability mitigations | Ubuntu Finding the blind spot: How Canonical hunts logic flaws with AI | Ubuntu Fragnesia Linux kernel local privilege escalation vulnerability mitigations | Ubuntu Rethinking BYOD security: protecting data without trusting devices | Ubuntu Dirty Frag Linux kernel local privilege escalation vulnerability mitigations | Ubuntu Three weeks to go: A sneak peek of the Ubuntu Summit 26.04 experience | Ubuntu How to use Ubuntu on Windows | Ubuntu Fixes available for CVE-2026-31431 (Copy Fail) Linux Kernel Local Privilege Escalation Vulnerability | Ubuntu Run NVIDIA Nemotron 3 Nano Omni locally in a single command | Ubuntu Why Web Engineering is great | Ubuntu Ubuntu 16.04 LTS has reached the end of standard Expanded Security Maintenance with Ubuntu Pro. Here are your options. | Ubuntu Understanding disaggregated GenAI model serving with llm-d | Ubuntu From Jammy to Resolute: how Ubuntu’s toolchains have evolved | Ubuntu Hybrid search and reranking: a deeper look at RAG | Ubuntu Canonical expands Ubuntu support to next-generation MediaTek Genio 520 and 720 platforms | Ubuntu Intentional leadership at Canonical | Ubuntu Ubuntu Pro comes to Nutanix bare-metal Kubernetes | Ubuntu RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu Ubuntu Summit 26.04 is coming: Save the date and share your story! | Ubuntu How to manage Ubuntu fleets using on-premises Active Directory and ADSys | Ubuntu Simplify bare metal operations for sovereign clouds | Ubuntu How to Harden Ubuntu SSH: From static keys to cloud identity | Ubuntu The “scanner report has to be green” trap | Ubuntu Modern Linux identity management: from local auth to the cloud with Ubuntu | Ubuntu Canonical welcomes NVIDIA’s donation of the GPU DRA driver to CNCF | Ubuntu Hot code burns: the supply chain case for letting your containers cool before you ship | Ubuntu
Building an open source chain of trust: new research uncovers key blockers and ways forward | Ubuntu
Canonical (C · 2026-07-06 · via Ubuntu blog

Canonical is pleased to share its latest research report, “The open source chain of trust.” Based on a survey of 500 DevOps professionals, the report highlights how organizations approach their open source software supply chains. While many companies are moving toward verifiable provenance and automated security workflows, internal misalignment and disjointed approaches remain serious challenges for most teams.

Read the report

Open source is the fabric of modern IT, but management remains fragmented

Open source powers development toolchains and underpins cloud-native platforms. It runs across on-prem, cloud, and edge environments. While organizations formalize policies and adopt security tools, many rely on fragmented processes with significant visibility gaps in CI/CD process between development and production stages. This research shows that 90% of respondents believe their organization needs to improve cross-team collaboration regarding open source software.

Figure 1: overview of key findings from the research

Organizations often stitch together components from many sources using inconsistent methods and misaligned upgrade cadences. Security teams struggle to manage transitive dependencies in this environment. Meanwhile, operations teams face constant trade-offs between stability and necessary changes.

Open source is a critical foundation of the enterprise, but managing the dependency sprawl can be an operational and security challenge. On top of these existing supply chain challenges, the cadence of software development is accelerating. Consequently, it is increasingly crucial for organizations to bring automation and cross-team collaboration into their SDLC governance.”

– Rachel Stephens, Research Director at RedMonk

Key findings from the research

The report identifies operational challenges and highlights how internal misalignment impacts software supply chains:

  • Cross-team tensions stall progress: 71% of respondents report tensions between DevOps and platform engineering teams regarding the scalable use of open source.
  • Manual processes hinder maturity: 35% of organizations still rely on manual code reviews for security. Another 21% use manual methods to track vulnerabilities.
  • Operational risk drives patching delays: Primary causes for delays include system compatibility concerns (53%) and resource constraints like staff shortages (43%).

Figure 2: Most common causes of delays in organizations’ ability to patch vulnerabilities, top 3 combined answers.

Mitigating gaps through a trusted foundation

The research highlights a clear path toward more predictable and secure operations:

  • Rely on the operating system as a strategic control plane: 98% of respondents describe the OS as extremely or very important for detecting and applying updates to open source components, suggesting it can serve as a central layer to govern supply chain hygiene.
  • Establish verifiable provenance: 48% of respondents state that tracked packages would improve their confidence in software supply chain security.
  • Strengthening collaboration: Choosing the right platform as a foundation brings consistent governance and strengthens the working relationship between DevOps, security, and operations.

Discover all the insights from the research

“This new research highlights that scaling open source innovation requires organizations to move beyond fragmented workflows to adopt a stable foundation that can help fast-track security and compliance. At Canonical, we help our customers achieve exactly this by simplifying vulnerability management and providing a single, verifiable stack with trusted end-to-end provenance.”

– Lech Sandecki, Product Manager at Canonical

Trusted open source with Canonical

Maturing processes and improving internal alignment are critical for addressing security concerns. Through Ubuntu Pro, Canonical delivers consistent security maintenance for the operating system and thousands of upstream open source packages.

By streamlining vulnerability management and committing to up to 15 years of platform stability through backporting, Canonical helps resolve the inherent tension between rigorous security and operational uptime. This shift moves organizations from a state of fragmented visibility and complex management to one of securely designed architecture, ensuring the open source fabric they depend on remains a source of innovation and not of risk.

About the research

The report is based on a global survey of 500 IT professionals conducted by Vanson Bourne. Respondents represent organizations across the Americas, EMEA, and APAC.

Further resources on open source security

Read our latest research into software supply chains. Canonical offers in-depth guides to help you secure open source ecosystems and navigate supply chain complexities.

  • The state of software supply chains: Explore IDC research detailing why software supply security remains a challenge despite greater patching efforts, and how AI is making the compliance landscape more challenging. Download the research report  
  • A guide to open source vulnerability management: Discover the main challenges with open source security vulnerabilities, best practices for effective vulnerability management and how to apply cybersecurity frameworks like the NIST framework with Ubuntu Pro. Download the guide