
Luci Stanescu
on 28 October 2024


October 2024 marks the 20th anniversary of Ubuntu. The cybersecurity landscape has significantly shifted since 2004. If you have been following the Ubuntu Security Team’s special three-part series podcast that we put out to mark Cybersecurity Awareness Month, you will have listened to us talk about significant moments that have shaped the industry, as well as our recommendations for staying safe. Some of these best practices will not be that far removed from what you would’ve heard two decades ago, but some technologies or processes could come across as unfamiliar.

For example, while the CVE program existed in 2004 (and, coincidentally, this October the program celebrated its 25th anniversary), coordinated vulnerability disclosure (CVD) was far less widespread; the NCSC started recommending the process in 2013 and more than half of the current CNAs (CVE Numbering Authorities) only joined in the past three years.

Watershed moments

Over the years, a number of incidents have provided eye-opening moments that emphasized just how much of an impact security breaches can have. It’s difficult to pinpoint one single example that changed the industry’s course, but professionals would struggle to forget the difficulties that shook Yahoo and its users in 2013-2014. Possibly still the largest data breach in history, it highlighted just how fragile passwords can be as an authentication technology. For affected people, it put the spotlight on how their online identities could be abused.

The landscape changes

Since then, security professionals have succeeded in making people around the world significantly more aware of online threats. We have collectively developed tools that are robust, comprehensive and easier to use, all the while starting to formalize this domain with mathematical rigor. Human-friendly passkeys are certainly worth mentioning – they have the potential both to reduce the impact of password data breaches, such as the aforementioned Yahoo incident, and to provide a slick experience for the end-user. A myriad of other technologies offer protections at the click of a button, from containerized applications to fine-grained access control through Linux Security Modules, such as AppArmor. Enterprises, large and small, can rely on well-defined, yet flexible, security frameworks and standards, such as the CIS Critical Security Controls, NIST’s Cybersecurity Framework, ISO 27001 or the card payment industry’s PCI DSS. The overarching theme is offering security by default, which in Ubuntu translates to a carefully designed distribution, security patches you can rely on and too many other features to mention here.

What hasn’t fundamentally changed is that cybersecurity is not a solved problem. As long as there continues to be a burden on the users, the targets of crime, we haven’t achieved our security goals. Our aim should be to make security for the masses not just intuitive and inherent in every product, but something that people don’t need to think about.

Looking forward to the future

Ubuntu was initially conceived as Linux for human beings, a distribution that set out to make free software available to the widest possible audience. Today, Ubuntu continues to stay true to its mission by making security easier for the user and being a platform to access a wider world of secure open source. The general availability of Ubuntu Pro in 2023 brought more security fixes for Ubuntu, in the context of an ever-expanding list of published CVEs. We have a very exciting road ahead. You may have seen previews of AppArmor seamlessly integrating into desktop environments with user prompting, or of workstation authentication interfacing with cloud-based identity providers through authd. These are just a few examples, and we’ll be diving into some upcoming technologies in the third episode of our podcast series, which will be published on 31st October.

If I had a crystal ball, I would make out a picture of a future where security is implicit and people, from software engineers to artists and business leaders, can innovate with confidence and be creative, without having to worry about cybercrime. On the October 18th podcast I talked about security technologies not being magic. But it may not be the worst thing to have a world where security can be indistinguishable from magic for the vast majority of us – cybersecurity for human beings.
