Open Source Security Tools and Applications
- January 08, 2019
The National Security Agency plans to release an open source version of its GHIDRA reverse engineering tool during RSA Conference in March, but details about the tool are scarce.
- December 27, 2018
Adam Baldwin, director of security for NPM, talks chains of trust and new NPM security initiatives that will bring automated alerts to help highlight potentially malicious activity.
- November 28, 2018
A compromised NPM package targeted a popular bitcoin wallet with cryptocurrency-stealing code and experts say the issue highlights the lack of a chain of trust in open source software.
- June 28, 2018
The EFF's new STARTTLS Everywhere initiative aims to secure email as it transits the internet between mail servers to prevent mass surveillance, as well as email spoofing.
- April 18, 2018
IBM has made a new open source AI toolbox that's designed to provide practical defenses for real-world AI systems based on how threat actors can attack AI models.
- March 30, 2018
Kaspersky's KLara tool has been made open source in an effort to help security professionals search for related malware samples more easily and efficiently with distributed Yara rules.
- March 22, 2018
Blockchain has generated both hype and skepticism, but SAP CSO Justin Somaini believes the technology has applications for security that can improve open source software.
- September 15, 2017
Equifax has confirmed an unpatched critical Apache Struts vulnerability was exploited in the breach that compromised the personal data of 143 million U.S. citizens.
- January 09, 2017
Truffle Hog utility roots out and detects text blobs with enough entropy to be secret keys -- even those buried deep in old Git repositories -- to prevent exploits.
- January 03, 2017
A low-severity vulnerability dating back to 1995 in libpng, the official reference library implementation for PNG, may have enabled remote DoS attacks.
- September 30, 2016
The cure for a low-severity OpenSSL vulnerability proves worse than the disease, as it opened a new, critical flaw, forcing the OpenSSL Project to rush out a new set of patches.
- June 10, 2016
Mozilla created the Secure Open Source Fund to help developers perform security audits on software in an effort to reduce the potential of another Heartbleed or Shellshock.
- May 06, 2016
Roundup: Customers, vendors both unaware of unpatched open source vulnerabilities in commercial software. Plus OpenSSL patches, warrantless wiretaps and more.
- October 16, 2015
Jean Yang, who created the Jeeves software language, explains why the industry needs to do a better job of enforcing security and privacy policies in its applications.
- July 22, 2015
According to researchers, malware makers have been targeting .NET since Microsoft made the software open source. And experts debate to what extent open source security can be maintained.