GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …
OSC&R open software supply chain attack framework now on GitHub
OSC&R (Open Software Supply Chain Attack Reference) is an open framework for understanding and evaluating software supply chain security threats. It has received the …
How ChatGPT is changing the cybersecurity game
The cybersecurity industry can leverage GPT-3 potential as a co-pilot to help defeat attackers, according to Sophos. The latest report details projects developed by Sophos …
GitHub to introduce mandatory 2FA authentication starting March 13
Starting March 13, GitHub will gradually introduce the 2FA enrollment requirement to groups of developers and administrators, beginning with smaller groups. This measured …
Massive GitHub analysis reveals 10 million secrets hidden in 1 billion commits
GitGuardian scanned 1.027 billion new GitHub commits in 2022 (+20% compared to 2021) and found 10,000,000 secrets occurrences (+67% compared to 2022). What is interesting …
5 open source Burp Suite penetration testing extensions you should check out
When it comes to assessing the security of computer systems, penetration testing tools are critical for identifying vulnerabilities that attackers may exploit. Among these …
Veza integrates with GitHub to secure customers’ data
With Veza and GitHub integration, Veza customers who use GitHub can now keep company IP out of the hands of threat actors by managing access permissions to the organization’s …
Critical RCE vulnerabilities found in git (CVE-2022-41903, CVE-2022-23251)
A source code audit has revealed two critical vulnerabilities affecting git, the popular distributed version control system for collaborative software development. The latest …
70% of apps contain at least one security flaw after 5 years in production
Veracode revealed data that could save organizations time and money by helping developers minimize the introduction and accumulation of security flaws in their software. Their …
Nosey Parker: Find sensitive information in textual data and Git history
Praetorian has open-sourced the regular expression-based (RegEx) scanning capabilities of its Nosey Parker secret scanning tool. Scanning filesystem content for secrets …
Open-source tool for security engineers helps automate access reviews
ConductorOne open-sourced their identity connectors in a project called Baton, available on GitHub. Each connector gives developers the ability to extract, normalize, and …
CI Fuzz CLI: Open-source tool to test Java apps for unexpected behaviors
CI Fuzz CLI, the open-source Command-Line Interface (CLI) tool from Code Intelligence, now allows Java developers to easily incorporate fuzz testing into their existing JUnit …