Canonical
on 4 December 2024
New partnership program for open source vulnerability scanning organizations will enhance open source software vulnerability information through more accurate, timely and actionable results.
Today, Canonical, the publisher of Ubuntu, announced its new Ubuntu Security Research Alliance Program, a free partnership between Canonical and open source vulnerability scanning organizations.
The goal is to ensure vulnerability data is more transparent and standardized, while improving on-platform security for Ubuntu users through more proactive threat detection. Organizations who operate or develop security scanning products are welcome to submit their interest to join.
This partnership program has been created specifically for security research providers, such as vulnerability scanners, in order to improve the accuracy and usability of vulnerability information and provide remediation advice for Ubuntu users into their results.
“Ubuntu is more than an operating system, it’s a gateway to consume open source more broadly. This partnership will make that pathway to everything open source more reliable, thanks to more accurate, transparent and trustworthy security scanning results,” said Lech Sandecki, Product Manager at Canonical. “It’s always good when a security scanner tells you that something is wrong because you know there’s something to fix – but these results are sometimes not very actionable. Through our Ubuntu Security Research Alliance Program, we will be able to bring joint customers of Ubuntu and program partners results that aren’t just more accurate, but also more actionable, with clear indicators of how to fix it.”
Join the partnership or find out more
Securing the pathway to open source with accurate and actionable scanning
The new Ubuntu Security Research Alliance Program will directly benefit joint customers of Ubuntu and security scanning products, as it provides security products easy access to accurate information about vulnerabilities and available fixes for all packages in Ubuntu, and correct reporting on all Canonical products within security scanner results.
The collaboration will allow security scanner operators to reduce false positives and provide more actionable recommendations regarding CVE remediation steps. Program members will get early access to Ubuntu’s future roadmaps for any changes in tools and processes that could accompany future releases.
“Securing open source software is a critical aspect of securing today’s software supply chain,” said Scott Johnson, Vice President of Product Management at Black Duck. “Canonical and Black Duck have been working strategically to help ensure customers have the highest levels of accuracy and value as it pertains to their Ubuntu components. Together with Canonical we provide significant benefits to customers with market leading SBOM visibility, accuracy and control across all their systems.”
Building on Canonical’s intensive efforts to make open source more secure
The Ubuntu Security Research Alliance Program is just the latest effort in Canonical’s commitment to improve the wider security of open source software. Most recently, Canonical announced its partnership with the OpenSSF Vulnerability Disclosures Working Group in order to make its Ubuntu Security Notices (USNs) available in the OSV format.
Using the information provided, developers can identify known third-party, open source dependency vulnerabilities that pose a genuine risk to their application and its environment. This collaboration between Canonical and OSV aims to simplify vulnerability management and further enhance security for Ubuntu users.
“Research alliance programs facilitate intelligence sharing among security teams and system administrators, reducing the window of opportunity threat actors have to exploit newly disclosed vulnerabilities. We are very pleased to extend our partnership with Canonical and their Research Alliance Program to enhance the speed, accuracy and actionability of our security reports on Ubuntu-based systems”, said Ray Carney, Director of Research at Tenable.
About Canonical
Canonical, the publisher of Ubuntu, provides open source security, support and services. Our portfolio covers critical systems, from the smallest devices to the largest clouds, from the kernel to containers, from databases to AI. With customers that include top tech brands, emerging startups, governments and home users, Canonical delivers trusted open source for everyone.
Learn more at https://canonical.com/
Learn more about:
