SerNet News

verinice 1.12 is out. The new version of the open source tool for the management of information security (ISMS) is an efficient companion for companies, government agencies, consultants and auditors.  A perspective for working with vulnerability scanners is just one of many new features. verinice is published by SerNet.

verinice 1.12 introduces the Greenbone GSM perspective. This allows an easy start into managing vulnerabilities by intertwining verinice with the vulnerability scanner Greenbone GSM (OpenVAS). Two new tutorials explain step-by-step, how the results of vulnerability scans are imported and processed. When working with an IS-management system according to ISO 27001 the scanned systems and weaknesses can be used in a risk analysis.

verinice.PRO offers additional advantages: The workflow helps in assigning responsibilities and fixing vulnerabilities while in operation mode. An intelligent adjustment ensures that even after repeated scans duplicates are avoided and only fixed vulnerabilities are removed from the risk database.

Another big change: the whole development process moved to <link https: github.com sernet verinice _blank external-link-new-window auf>Github. The verinice source code remains open source – and GitHub helps to make the development more transparent. 

There are also numerous improvements and bug fixes. More detailed information about features and improvements are listed in the <link http: verinice.com verinice-support release-notes external-link-new-window release>release notes for verinice 1.12. verinice 1.12 is available at <link http: verinice.org external-link-new-window von>verinice.org.

SerNet's EnterpriseSAMBA 4.2.8 has just been released. Packages for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu are available at the <link https: portal.enterprisesamba.com _blank>EnterpriseSAMBA portal.

These packages address a lot of issues, which are listed in the <link https: www.samba.org samba history samba-4.2.8.html _blank release>release history for Samba 4.2.8.

Please note that SerNet's 4.2 packages and older versions will still be maintained as EnterpriseSAMBA and distributed via <link https: portal.enterprisesamba.com _blank>portal.enterprisesamba.com for free. Users don't even have to register anymore to be able to access the packages, but instead can use a public user. Starting with Samba 4.3 SerNet's packages are published as SAMBA+, available as software subscription. They can be purchased at the SAMBA+ shop. Detailed information and prices are listed at the <link https: shop.samba.plus _blank>SAMBA+ Shop.

From May 10th to 12th 2016 the SerNet GmbH and the <link https: www.samba.org external-link-new-window>international Samba Team will host the SAMBA eXPerience. The 15th edition of the conference comes along with an innovation: For the first time Berlin will be the place for developers and users from around the world to meet. Sale of "Early Bird" tickets has started already.

SAMBA+ 4.3.3 and EnterpriseSAMBA 4.2.7 and 4.1.22 have just been released. These are security releases, please update affected systems as soon as possible. The packages are available for various SUSE and RedHat platforms as well as for Debian GNU/Linux and Ubuntu.

For more information about the security issues visit <link https: samba.plus external-link-new-window the>

samba.plus

• <link https: www.samba.org samba history samba-4.3.3.html _blank external-link-new-window release>Samba 4.3.3 release history 
• <link https: www.samba.org samba history samba-4.2.7.html _blank external-link-new-window release>Samba 4.2.7 release history
• <link https: www.samba.org samba history samba-4.1.22.html _blank external-link-new-window release>Samba 4.1.22 release history

SAMBA+ 4.3 packages and all later versions are available as software subscription. They can be purchased at the <link https: shop.samba.plus _blank external-link-new-window the>SAMBA+ shop where detailed information and prices are listed. The subscriptions bought at the SAMBA+ shop are managed at our platform <link https: oposso.samba.plus external-link-new-window subscription management>OPOSSO. Users can activate their subscriptions here and manage access credentials. The new SAMBA+ 4.3.3 packages are included in existing subscriptions.

SerNet's 4.2 packages and older versions will still be maintained as EnterpriseSAMBA and distributed via <link https: portal.enterprisesamba.com external-link-new-window>

portal.enterprisesamba.com

Open source software (OSS) is crucial for the German industry - with many sustainable business models and high efficiency for providers and users. But there is still uncertainty, ignorance and difficulty in purchasing or procurement. The easiest way to learn is by example of others - and that is why the SerNet GmbH has launched a survey that examines the spread of open source software in DAX companies. DAX (Deutscher Aktienindex) is the German blue chip stock market index consisting of the 30 major German companies trading on the Frankfurt Stock Exchange. The result: All companies represented here are using open-source software. "We have expected this. But the proof is exciting," says Dr. Johannes Loxen, CEO of SerNet.

Loxen explains how SerNet arrived at the conclusion: "We had three ways to find out whether OSS is used. First, many of the DAX companies are our customers and we know that they use OSS." Secondly, some of the companies are advocates for open source. They provide their own software under an OSS license, are members of initiatives or initiate contests and awards. Loxen: "In the third case we had a close look at the visible OSS use."

The Dax 30: OSS promoters and users

Chen-Yu Lin, PhD (SerNet) conducted the investigation systematically. She divided the companies into three resulting groups: "Active promoters, active users and silent users." SAP, for example, has already contributed many million lines of code to the Eclipse platform and supports numerous Apache projects. "But sponsoring is not expressed solely in code or money," says Lin. The Deutsche Telekom AG e.g. created an publicly accessible Open Source License Compendium (OSLiC) published under Creative Commons license (CC BY-SA 3.0). "The compendium is a useful in-house tool for knowledge sharing, and shines a light on what to consider in various usage scenarios with different open source licenses," says Lin. "The compendiums availability and license will help others using OSS and thus the spread of open source software." Even German automotive industries are investing in OSS according to Lin: BMW runs several OSS projects and is among the active supporters; Daimler announces on its website to have OSS in use and published a 'License Declaration'.

Loxen adds:"When it comes to enterprises open source always plays a more decisive role – without being visible at first sight or boards even being conscious about it. Open source software is a motor for increased efficiency. Nobody gets along without it." License fees are a still valid, but an old argument. "Anybody inquiring safety, continuous improvement and open sources without backdoors as criteria, automatically comes to the conclusion that open source software is the answer."

Consistent, innovative thinking required

Given this central role Loxen calls for more consistency in politics and business: "Open source software has long since been transformed into an economic factor in Germany and Europe. It is time to represent this in procurement and purchasing as well." Existing barriers should be eliminated. "Equal opportunities - that would be a start!"

Further Information and Press Contact: 
Claudia Krell
Mail presse@sernet.de
Tel. +49 551 37 0000 0