Posts about Security

Crunchy Data has recently announced an update to the CIS PostgreSQL Benchmark by the Center for Internet Security, a nonprofit organization that provides publications around standards and best practices for securing technologies systems. This newly published CIS PostgreSQL 10 Benchmark joins the existing CIS Benchmarks for PostgreSQL 9.5 and 9.6 while continuing to build upon Crunchy Data's efforts with the PostgreSQL Security Technical Implementation Guide

Crunchy Data recently announced the publication of the CIS PostgreSQL Benchmark by the Center for Internet Security, a nonprofit organization that provides publications around standards and best practices for securing technologies systems. This CIS PostgreSQL Benchmark builds on earlier work that Crunchy started when it helped to publish the PostgreSQL Security Technical Implementation Guide

On March 1, 2018, the PostgreSQL community released version 10.3 and other supported versions of PostgreSQL.  The release centered around a disclosed security vulnerability designated CVE-2018-1058, which is related to how a user can accidentally or maliciously "create like-named objects in different schemas that can change the behavior of other users' queries."

The PostgreSQL community released a guide

Row Level Security, aka "RLS," allows a database administrator to define if a user should be able to view or manipulate specific rows of data within a table according to a policy

Crunchy Data recently announced the publication of the PostgreSQL Security Technical Implementation Guide (STIG) by the United States Defense Information Systems Agency (DISA), making PostgreSQL the first open source database to provide a published STIG.

While the STIG was authored for the benefit of the U.S. Government, the DISA PostgreSQL STIG offers security-conscious enterprises a comprehensive guide for the configuration and operation of open source PostgreSQL. Enterprises can refer to the STIG as for guidance on PostgreSQL security best practices they consider open source PostgreSQL as an alternative to proprietary, closed source, database software.

Importantly, compliance with the STIG guidance requires only open source software and documentation. The PostgreSQL STIG is based on open source, unmodified PostgreSQL 9.x used in conjunction with certain open source PostgreSQL extensions – most notably, pgaudit

Charleston, SC and Washington, DC - Crunchy Data Solutions, Inc. (Crunchy), a provider of enterprise PostgreSQL support, technology and training, today announced the release of Crunchy MLS PostgreSQL, an open source database distribution supporting multi-level security.

Crunchy MLS PostgreSQL was developed to support the relational database requirements of the U.S. Government’s Centralized Super Computer Facility. Crunchy is proud to be a part of the Multi-Level Security Ecosystem that includes participants such as Lockheed Martin, Red Hat® and Seagate to provide high performance at massive scale while protecting data internally and externally.

Crunchy CEO Bob Laurence said, “Crunchy MLS PostgreSQL provides an innovative open source alternative to legacy relational database technologies.  With this solution, mission-critical programs can benefit from the combined cost efficiencies of Multi-Level Security and Open Source Software.”

Crunchy and Lockheed Martin collaborated closely to provide PostgreSQL as an open source relational database for multi-level security

Amid the well-deserved hype around the impact of cloud technology and big data analytics, it is possible that casual industry watchers may have missed the real story behind the recent wave of IT re-architecting.

Enabling many of these recent, powerful trends is a newly validated embrace of open source software technology. The movement to OSS solutions is empowering system designers and solution architects to re-examine methodologies that evolved out of the legacy proprietary, closed source software license model. Put simply, OSS allows developers of IT systems to create better results and cut costs.

Enterprise IT leaders in business and government have taken notice of the benefits of OSS. For example, the recently launched U.S. Digital Service published a Digital Services Playbook