Open source security tools and software

Open source security tools offer numerous benefits to enterprise security, but they can also come with their own vulnerabilities. Here you'll find news, expert advice, learning tools and white papers on Snort, Nmap, Nessus and other popular open source security tools.

July 27, 2021 27 Jul'21
Open source web app projects hailed for quickly patching bugs

Nine vulnerabilities in three popular open source SMB tools were cleaned up within 24 hours after Rapid7 reported the flaws to their development teams.
May 27, 2021 27 May'21
Apiiro wins RSA Conference Innovation Sandbox Contest

Apiiro's automated Code Risk Platform analyzes enterprise software for material changes that can lead to security vulnerabilities, data exposures and compliance risks.
April 19, 2021 19 Apr'21
Pandemic triggered data security movement to DBaaS

Database-as-a-service technology has aided enterprises tasked with keeping data secure with IT professionals working from home during the COVID-19 pandemic.
February 25, 2021 25 Feb'21
GitHub hires first-ever chief security officer

GitHub has added a CSO to its ranks, as the platform seeks to grow and maintain one of the world's largest collections of open source software projects.

Bring yourself up to speed with our introductory content

Secure Shell (SSH)

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network. Continue Reading
Common Linux vulnerabilities admins need to detect and fix

Server admins need to prepare for a variety of common Linux vulnerabilities, from software and hardware vulnerabilities to employee-created ones and even digital espionage. Continue Reading
How to implement Linux security best practices

When setting up security for a company's infrastructure, admins need to focus on backups, patch management and regular vulnerability scans. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Why companies should use AI for fraud management, detection

AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
The Ghidra Book interview with co-author Kara Nance

Ghidra has had a huge impact on the reverse-engineering community. Kara Nance, co-author of The Ghidra Book, discusses this impact as the open source tool has evolved. Continue Reading
Istio service mesh security benefits microservices, developers

Learn more about Istio service mesh security features and how the open source technology can enable developers to better run, control and secure a distributed microservices architecture. Continue Reading

Learn to apply best practices and optimize your operations.

Build an agile cybersecurity program with Scrum

Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams. Continue Reading
How to put AI security to work in your organization

Countering cyberthreats through human effort alone is impossible; you need to add AI and machine learning products to your security program. Here's how to get started. Continue Reading
AI, machine learning in cybersecurity focused on behavior

Artificial intelligence, and machine learning in particular, is being fruitfully employed in IT security tools. Learn where this advanced technology works best now. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

3 steps to secure codebase updates, prevent vulnerabilities

Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
Wireshark tutorial: How to use Wireshark to sniff network traffic

Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection. Continue Reading
How does a WordPress SEO malware injection work and how can enterprises prevent it?

Security expert Nick Lewis explains how to prevent WordPress SEO malware injection attacks that rank the attacker's search engine results higher than legitimate webpages. Continue Reading