open source
Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!
Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside …
CISO-approved strategies for software supply chain security
Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. …
Enhancing open source security: Insights from the OpenSSF on addressing key challenges
In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the …
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the …
Malicious open-source components threatening digital infrastructure
A new risk emerges in the digital era, where open-source software has become a fundamental pillar in developing innovative applications. The threat? Malicious open-source …
Never leak secrets to your GitHub repositories again
GitHub is making push protection – a security feature designed to automatically prevent the leaking of secrets to repositories – free for owners of all public …
Universal Data Permissions Scanner: Open-source tool to overcome data authorization blindspots
Satori released Universal Data Permissions Scanner, a free, open-source tool that enables companies to understand which employees have access to what data, reducing the risks …
Unpaid open source maintainers struggle with increased security demands
Ensuring the security of the open-source software that modern organizations depend on is a crucial responsibility of the open source maintainers, especially as attacks on the …
Tython: Open-source Security as Code framework and SDK
Development teams utilize automation through Infrastructure as Code (IaC) to facilitate rapid and frequent changes to their cloud-native architectures. Security teams must …
GitHub introduces private vulnerability reporting for open source repositories
GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability The private …
The double-edged sword of open-source software
The lack of visibility into the software supply chain creates an unsustainable cycle of discovering vulnerabilities and weaknesses in software and IT systems, overwhelming …
Security beyond software: The open source hardware security evolution
Mention IT security, and most people immediately think of software-based protections against software-based threats: ransomware, viruses, and other forms of malware. But …
Featured news
Resources
Don't miss
- Logitech confirms data breach
- Five men admit helping North Korean IT workers infiltrate US companies
- The tech that turns supply chains from brittle to unbreakable
- Strix: Open-source AI agents for penetration testing
- Product showcase: SecAlerts – Relevant, actionable, up-to-the-minute vulnerability alerts