Tails Linux introduces reforms in security audit postmortem to make you safer

Alongside the release of Tails 6.11 earlier this year, the Tails Project revealed that Radically Open Security was auditing the Tails operating system to better protect users. The audit has now concluded and no remote code vulnerabilities were found.

The only issues that were found required a compromised low-privileged amnesia user, which is the default account in Tails. Luckily for users, the Tails developers are quick on their toes and asked for information about the vulnerabilities before the report was published and released fixes for the discovered issues, which users now already enjoy.

Here’s an overview of what was fixed:

Following the fixing of the bugs, the Tails team also did a postmortem of the audit to find out what cultural things need to change and which technical things need to be changed that had a role in allowing the entry of bugs into the operating system in the first place.

The major cultural change that Tails has adopted is how it shares vulnerabilities with the public. So far, it said it has been too secretive about vulnerabilities, but going forward, has adopted the security issue response policy based on the policy of the Tor Project’s Network Team.

It also found that refactoring large amounts of code can also be a way in for security bugs so from now on it will be more intentional and only do large refactoring when it’s worth the effort and risk.

For anyone running Tails, these are extremely positive developments. Tails is used by all sorts of people for sensitive work, so knowing that it’s being proactive on security is reassuring.

Source: Tails