Security archives
90 posts
Mythbusting the scope of Livepatch protection
By Rajan Patel, 24 September 2025
The purpose of this article is to share the technical realities of security patching for the Linux kernel, and the intended scope of the Linux kernel’s...
Canonical achieves IEC 62443-4-1 compliance in Industrial Automation and Control Systems
By Canonical, 18 September 2025
Canonical is proud to announce it has achieved compliance with IEC 62443-4-1 for cybersecurity in Industrial Automation and Control Systems (IACS). Building...
What are dependencies, and how do you secure them?
By Matthew de Klerk, 10 September 2025
There are thousands of free-to-use, ready-built programs and code repositories that solve problems you’d otherwise need to spend weeks building the solutions...
Generating allow-lists with DNS monitoring on LXD
By Nicholas Morris, 26 August 2025
Allow-listing web traffic – blocking all web traffic that has not been pre-approved – is a common practice in highly sensitive environments. It is also a...
A complete security view for every Ubuntu LTS VM on Azure
By Jehudi, 22 August 2025
Azure’s Update Manager now provides a complete security view for all Ubuntu LTS VMs—18.04, 20.04, 22.04, and 24.04—by showing available updates from Ubuntu...
A CISO’s guide to Application Security best practices
By Stephanie Domas, 11 August 2025
Effective AppSec is not a one-time fix but a continuous journey across every facet of your application’s lifecycle. By embracing a Secure Software Development...
Is Linux secure?
By ijlal-loutfi, 6 August 2025
Does operating system (OS) security matter? Meet Pal. Pal is a senior developer working at PalBank. For the next 6 months, Pal will be responsible for leading...
Live Linux kernel patching with progressive timestamped rollouts
By Rajan Patel, 2 July 2025
In internet connected environments, where Ubuntu instances can reach livepatch.canonical.com, Livepatch Client supports timestamp-based rollout...
Update Livepatch Client for the newest kernel module signing certificate
By Rajan Patel, 1 July 2025
The kernel engineering team at Canonical has generated a new module signing certificate on May 16, 2025, and it is embedded in all Ubuntu kernels published...
How is Livepatch safeguarded against bad actors?
By Rajan Patel, 27 June 2025
What safeguards the Livepatch security patching solution against bad actors and malicious code masquerading as an update? Learn about Secure Boot and module signing.
CRA compliance: Things IoT manufacturers can no longer do under the CRA (and what to do instead)
By Stephanie Domas, 7 May 2025
In this blog, I’ll give you a thorough overview of common IoT manufacturer and PDE developer practices that need immediate attention, and how to change or...