The CRA’s scope for open-source software (OSS) was one of the most contested parts of the regulation. The OSS community raised legitimate concerns during the legislative process such as how should manufacturer obligations apply to non-commercial, volunteer-driven projects? The final regulation offers an answer, though how convincing that answer is depends on who you ask. […]
Time-sensitive This article focuses on the 11 September 2026 vulnerability reporting deadline — the first hard enforcement milestone under the Cyber Resilience Act. As of June 2026, you have approximately 100 days to prepare. Most companies treating the CRA as a 2027 problem are already behind. According to the 2026 CRA Awareness and Readiness Report […]
NIST Significantly Reduces Independent CVSS Scoring in the NVD For years, the routine has been the same. A new vulnerability appears, the security team checks the NVD, looks at the CVSS score, and decides: patch now or wait. A single number, produced by a U.S. federal agency, has become the pace-setter for millions of systems […]
Defenders deploying Ubuntu will be pleased to know that Greenbone’s OPENVAS SCAN now includes detection for Ubuntu 26.04 LTS security notices via the OPENVAS ENTERPRISE FEED and COMMUNITY FEED. Ubuntu 26.04 LTS, aka “Resolute Raccoon”, is a long-term support (LTS) version of Ubuntu that was released on April 23rd, 2026. LTS releases receive standard security […]
Defenders deploying Fedora will be pleased to know that Greenbone’s OPENVAS SCAN now includes detection for Fedora 44 security advisories via the OPENVAS ENTERPRISE FEED and COMMUNITY FEED. Fedora Linux 44 was released on April 28th, 2026, and releases are typically maintained for 13 months. Fedora 44 has been assigned an expected end-of-life (EOL) date […]
Until recently, a digital product could be placed on the European market with essentially no binding cyber security standard attached to it. Manufacturers decided how much security to build in, and buyers had no assurances and no way to compare. When vulnerabilities emerged, there was no legal obligation to report or fix them. Products could […]
A field report on open source, competition, enforcement of rights, and the question of how to defend a fair and sustainable open source ecosystem. Summary This report describes a real case of misuse of open source software using the example of OPENVAS, the open source vulnerability management system we developed. A market participant had systematically […]
Operating system (OS) security updates are critical for maintaining a strong enterprise security posture. OS vulnerabilities in on-prem and cloud assets, fleets of staff workstations, development environments, container hosts, virtualization platforms, and edge infrastructure may offer an attacker the initial access they need to execute a costly cyber attack. Linux, especially Red Hat Enterprise Linux […]
Users appreciate when software can easily integrate into their existing IT environment. For vendors, this means supporting a cross-platform mix of operating systems and infrastructure. We’re excited to expand our virtualization platform support, bringing Proxmox VE into our family of supported hypervisors. This addition enables more flexibility for deploying OPENVAS SCAN in diverse IT environments. […]
Q-Day marks the moment when quantum computers will render classical cryptography standards obsolete. The risks posed by quantum computers demand a migration to Post Quantum Cryptography (PQC). Greenbone is proactively preparing for this future—upgrading our internal infrastructure, auditing partners, and enhancing the OPENVAS SECURITY INTELLIGENCE platform with upgraded detection and new auditing features. The goal […]
