Open Source Security Tools and Applications
- September 15, 2017
Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.
- January 09, 2017
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- January 03, 2017
A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.
- September 30, 2016
The cure for a low-severity OpenSSL vulnerability proves worse than the disease, as it opened a new, critical flaw, forcing the OpenSSL Project to rush out a new set of patches.
- June 10, 2016
Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.
- May 06, 2016
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- October 16, 2015
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- July 22, 2015
According to researchers, malware makers have been targeting .NET since Microsoft made the software open source. And experts debate to what extent open source security can be maintained.
- April 28, 2015
An open source threat model is aiming to be a repository for risk assessment with the aim of allowing enterprise to focus on creating the right security controls for each business.
- March 23, 2015
A new open source security tool from CERT, dubbed 'Tapioca,' shows that Android app vulnerabilities are ubiquitous, according to new research from IBM.
- March 20, 2015
News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased-out in Windows 10; Americans dodging online surveillance.
- March 13, 2015
News roundup: Hillary Clinton's decision to use a private email domain and server has created a firestorm over her email security mistakes. Plus: OpenSSL audit, Blue Coat acquisition, more Equation details emerge.
- February 23, 2015
Use of Cisco's OpenAppID application-layer traffic-detection tool is still modest compared to Snort, but the networking giant says it can help enterprises improve traffic visibility on internal applications.
- February 13, 2015
News roundup: While data sharing can boost intelligence and improve security, recent events show the benefits don't always outweigh the pitfalls. Plus: Chip-enabled POS systems coming quickly; MongoDB databases exposed; sophisticated phishing scams.
- October 08, 2014
Yahoo says a reported attack was not the result of a Shellshock exploit, but researchers have found new vulnerabilities in SSH key-management and network-attached storage systems.