Open Source Security Tools and Applications
- November 28, 2018
A compromised NPM package targeted a popular bitcoin wallet with cryptocurrency-stealing code and experts say the issue highlights the lack of a chain of trust in open source software.
- June 28, 2018
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing.
- April 18, 2018
IBM has made a new open source AI toolbox that's designed to provide practical defenses for real-world AI systems based on how threat actors can attack AI models.
- March 30, 2018
Kaspersky's KLara tool has been made open source in an effort to help security professionals search for related malware samples more easily and efficiently with distributed Yara rules.
- March 22, 2018
Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software.
- September 15, 2017
Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.
- January 09, 2017
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- January 03, 2017
A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.
- September 30, 2016
The cure for a low-severity OpenSSL vulnerability proves worse than the disease, as it opened a new, critical flaw, forcing the OpenSSL Project to rush out a new set of patches.
- June 10, 2016
Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.
- May 06, 2016
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- October 16, 2015
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- July 22, 2015
According to researchers, malware makers have been targeting .NET since Microsoft made the software open source. And experts debate to what extent open source security can be maintained.
- April 28, 2015
An open source threat model aims to serve as a repository for risk assessment, allowing enterprises to focus on creating the right security controls for each business.
- March 23, 2015
A new open source security tool from CERT, dubbed 'Tapioca,' shows that Android app vulnerabilities are ubiquitous, according to new research from IBM.