open source
New open source solution reduces the risks associated with cloud deployments
An open source user computer environment (UCE) for the Amazon Cloud, called Galahad, has been launched by the University of Texas at San Antonio (UTSA). The technology will …
Malicious Python packages found on PyPI
Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages PyPI is the official third-party software …
1 in 10 open source components downloaded in 2018 had a known security vulnerability
This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it …
OpenSSH adds protection against Spectre, Meltdown, RAMBleed
OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow …
Offensive Security unveils Kali Linux roadmap
Offensive Security unveiled much of the 2019-2020 roadmap for the open source Kali Linux project, the most popular operating system used by penetration testers and ethical …
GitHub introduces Dependabot-powered automated security fixes
GitHub, the largest code-hosting site in the world, has announced many new features and changes at the 2019 GitHub Satellite conference that took place last week in Berlin. …
Open source security: The risk issue is unpatched software, not open source use
Many of the trends in open source use that have presented risk management challenges to organizations in previous years persist today. However, new data also suggest that an …
Framing supply chain attacks
The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development …
Patched Apache flaw is a serious threat for web hosting providers
Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via …
Meet the new generation of white hats
The past two years have seen an explosion in the number of software vulnerabilities being published, jumping from 6,447 in 2016 to 14,714 in 2017. Seeing as 2018 beat out the …
NSA unveils Ghidra reverse engineering tool at RSA Conference 2019
The National Security Agency (NSA) has released Ghidra, a free and cross-platform software reverse engineering tool suite used internally by the intelligence agency. They are …
OSSPatcher: Automated mobile application patching for bugs in open source libraries
Researchers from the Georgia Tech and Peking University are working on OSSPatcher, a system for automatic patching of vulnerable open source libraries included in mobile …