Open source security tools and software

Open source security tools offer numerous benefits to enterprise security, but they can also come with their own vulnerabilities. Here you'll find news, expert advice, learning tools and white papers on Snort, Nmap, Nessus and other popular open source security tools.

February 25, 2021 25 Feb'21
GitHub hires first-ever chief security officer

GitHub has added a CSO to its ranks, as the platform seeks to grow and maintain one of the world's largest collections of open source software projects.
February 10, 2021 10 Feb'21
Researcher used open source supply chain to breach tech giants

Security researcher Alex Birsan breached several major tech companies, including Microsoft and Apple, through a novel technique that manipulated open source supply chains.
December 08, 2020 08 Dec'20
Forescout reports 33 new TCP/IP vulnerabilities

The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as well as make it difficult to comprehend the full impact.
November 04, 2020 04 Nov'20
SaltStack discloses critical vulnerabilities, urges patching

The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.

Bring yourself up to speed with our introductory content

The what, why and how of the Spring Security architecture

Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt. Continue Reading
Secure Shell (SSH)

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. Continue Reading
What it takes to be a DevSecOps engineer

To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

The Ghidra Book interview with co-author Kara Nance

Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
Istio service mesh security benefits microservices, developers

Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture. Continue Reading
Benefits of open source container vulnerability scanning

Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools. Continue Reading

Learn to apply best practices and optimize your operations.

Build an agile cybersecurity program with Scrum

Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams. Continue Reading
How to put AI security to work in your organization

Countering cyberthreats through human effort alone is impossible; you need to add AI and machine learning products to your security program. Here's how to get started. Continue Reading
AI, machine learning in cybersecurity focused on behavior

Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

3 steps to secure codebase updates, prevent vulnerabilities

Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
Wireshark tutorial: How to use Wireshark to sniff network traffic

Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection. Continue Reading
How does a WordPress SEO malware injection work and how can enterprises prevent it?

Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages. Continue Reading