Please turn on your JavaScript for this page to function normally.
cloud
Cloud-native adoption shifts security responsibility across teams

Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during …

open source
The Linux Foundation’s Census of OSS app libraries helps prioritize security work

The Linux Foundation announced the final release of “Census II of Free and Open Source Software – Application Libraries,” which identifies more than one thousand of the …

open source
Software supply chain security still a pain point

ActiveState announced the results of its survey, providing insights into the security challenges of the software industry’s open source supply chain, which includes the …

Kali 2022.1
Kali Linux 2022.1 released: New tools, kali-linux-everything, visual changes

Offensive Security has released Kali Linux 2022.1, the latest version of its popular open source penetration testing platform. Visually refreshed and with improved usability …

Samba
Samba bug may allow code execution as root on Linux machines, NAS devices (CVE-2021-44142)

A critical vulnerability (CVE-2021-44142) in Samba, a widely used open source implementation of the Server Message Block (SMB) networking protocol, could allow attackers to …

open source
Open-source code: How to stay secure while moving fast

Open source has transformed the software world, tremendously reducing the cost of introducing new technology by enabling broad reuse across products and industries. However, …

EU bug
EU launches bug bounty programs for five open source solutions

The European Union is, once again, calling on bug hunters to delve into specific open source software and report bugs. This time around, the list of software that should be …

Log4j
Log4Shell is a dumpster fire that should have been avoided

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every …

Log4j
Open-source software holds the key to solving Log4Shell-like problems

Earlier this month, the existence of a critical vulnerability in Apache Log4j 2 was revealed and a PoC for it published. Dubbed Log4Shell, it’s an issue in a logging library …

application security testing
GoTestWAF: Open-source project for evaluating web application security solutions

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was …

immudb
Immudb: Open-source database, built on a zero trust model

Now, with full transactional support for everyday business applications, the open source immudb tamper-proof database can serve as the main transactional database for …

Log4j
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Don't miss

Cybersecurity news