Open source security tools and software

Open source security tools offer numerous benefits to enterprise security, but they can also come with their own vulnerabilities. Here you'll find news, expert advice, learning tools and white papers on Snort, Nmap, Nessus and other popular open source security tools.

November 04, 2020 04 Nov'20
SaltStack discloses critical vulnerabilities, urges patching

The SaltStack vulnerabilities, disclosed Tuesday, allow remote attackers to execute arbitrary code on affected installations of the popular open source software.
August 18, 2020 18 Aug'20
Apache Struts vulnerabilities allow remote code execution, DoS

The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall.
July 29, 2020 29 Jul'20
'BootHole' bug puts most Linux, Windows systems in jeopardy

Hardware security vendor Eclypsium discovered a bootloader vulnerability that bypasses Secure Boot protection and affects a majority of modern Linux and Windows systems.
June 25, 2020 25 Jun'20
Open source vulnerabilities down 20% in 2019

Snyk recently released its fourth annual 'State of Open Source Security' report, which analyzed open source statistics, vulnerability trends and security culture.

Bring yourself up to speed with our introductory content

The what, why and how of the Spring Security architecture

Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt. Continue Reading
Secure Shell (SSH)

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. Continue Reading
What it takes to be a DevSecOps engineer

To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

The Ghidra Book interview with co-author Kara Nance

Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
Istio service mesh security benefits microservices, developers

Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture. Continue Reading
Benefits of open source container vulnerability scanning

Containers have revolutionized app development but pose many security challenges. Uncover how container vulnerability scanning can help and why to consider open source tools. Continue Reading

Learn to apply best practices and optimize your operations.

Build an agile cybersecurity program with Scrum

Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams. Continue Reading
How to put AI security to work in your organization

Countering cyberthreats through human effort alone is impossible; you need to add AI and machine learning products to your security program. Here's how to get started. Continue Reading
AI, machine learning in cybersecurity focused on behavior

Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

3 steps to secure codebase updates, prevent vulnerabilities

Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
Wireshark tutorial: How to use Wireshark to sniff network traffic

Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection. Continue Reading
How does a WordPress SEO malware injection work and how can enterprises prevent it?

Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages. Continue Reading