Security News

Chalk: Open-source software security and infrastructure visibility tool
2023-10-03 03:30

Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers.

Network Flight Simulator: Open-source adversary simulation tool
2023-09-27 03:30

Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic patterns.

BinDiff: Open-source comparison tool for binary files
2023-09-25 09:58

BinDiff is a binary file comparison tool to find differences and similarities in disassembled code quickly. You can also port symbols and comments between disassemblies of multiple versions of the same binary or use BinDiff to gather evidence for code theft or patent infringement.

LLM Guard: Open-source toolkit for securing Large Language Models
2023-09-19 04:30

LLM Guard is a toolkit designed to fortify the security of Large Language Models. It provides extensive evaluators for both inputs and outputs of LLMs, offering sanitization, detection of harmful language and data leakage, and prevention against prompt injection and jailbreak attacks.

CISA Aims For More Robust Open Source Software Security for Government and Critical Infrastructure
2023-09-18 18:23

CISA also plans to create a guide to best practices in open source security for government entities and critical infrastructure organizations, according to the roadmap. CISA notes that open source software can lead to great innovation; however, CISA said, vulnerabilities like the widespread Log4shell vulnerability in 2021 mean open source software can introduce insidious flaws in widely-used code.

MITRE Caldera for OT now available as extension to open-source platform
2023-09-06 06:21

MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology. The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute, a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency to increase the resiliency of critical infrastructure.

Reaper: Open-source reconnaissance and attack proxy workflow automation
2023-09-05 03:00

Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it's already capable of much.

A closer look at the RFI on open-source software security
2023-08-30 04:00

The U.S. Office of the National Cyber Director released a request for information entitled Open-Source Software Security: Areas of Long-Term Focus and Prioritization, which indicates that the U.S. Government's effort to invest in open-source software and security continues to pick up steam. In this Help Net Security video, Luis Villa, General Counsel at Tidelift, discusses how the RFI is a clear call to open source experts and industry leaders that the best ideas for how the government can make the entire open source ecosystem more healthy and secure are top of mind.

Velociraptor: Open-source digital forensics and incident response
2023-08-30 03:30

Velociraptor is a sophisticated digital forensics and incident response tool designed to improve your insight into endpoint activities. Velociraptor enables you to conduct precise and rapid collection of digital forensic data across multiple endpoints simultaneously.

Bitwarden releases free and open-source E2EE Secrets Manager
2023-08-23 19:04

Bitwarden, the maker of the popular open-source password manager tool, has released 'Secrets Manager,' an end-to-end encrypted secrets manager for IT professionals, software development teams, and the DevOps industry. The problem is so widespread that GitHub launched a system that would alert repository owners of misconfigurations leading to the exposure of secrets, and independent security researchers wrote open-source tools dedicated to scanning for secrets in publicly exposed AWS S3 storage buckets.