Security News

Google delivers secure open source software packages
2023-04-13 12:32

Google has announced the Google Cloud Assured Open Source Software service, which aims to be a trusted source of secure open source packages, and the deps. With Assured OSS, Google offers organizations the opportunity to integrate into their own developer workflows the same OSS packages Google uses and secures.

Google Cloud offers Assured Open Source Software for free
2023-04-12 22:34

Open source software and software supply chain security risks continue to be a primary concern for developers and organizations. According to a 2022 study by electronic design and automation company Synopsys, 84% of open source software codebases contained at least one known vulnerability - a nearly 4% increase from last year - and 48% contained a high-risk vulnerability.

Protecting your business with Wazuh: The open source security platform
2023-04-10 09:27

These solutions include firewalls, antiviruses, data loss prevention services, and XDRs. Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. The post Using the Wazuh SIEM and XDR platform to meet PCI DSS compliance shows how Wazuh plays an important role in maintaining PCI compliance for your organization.

Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug
2023-04-07 19:12

The issue was discovered by Federico Andres Lois while reviewing the tweet recommendation engine that's said to power Twitter's For You timeline. According to Lois's study of the engine bug he found, coordinated efforts to unfollow, mute, block and/or report a targeted user applies global reputation penalties to the account that are practically impossible to overcome based on how Twitter's recommendation algorithm treats negative actions.

Passbolt: Open-source password manager for security-conscious organizations
2023-04-03 04:52

In this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to password usage, outlines how the Passbolt password manager guarantees the utmost level of security for businesses, highlights its features in the competitive landscape, sheds light on how Passbolt meets the distinct requirements of teams and organizations, and more. Passbolt is developed using proven security standards like OpenPGP and complies with security auditing standards such as SOC2 Type II. All of our security practices meet or exceed industry standards.

Twitter open-sources recommendation algorithm code
2023-03-31 20:02

Twitter announced on Friday that it's open-sourcing the code behind the recommendation algorithm the platform uses to select the contents of the users' For You timeline. "Today's release also does not include the code that powers our ad recommendations. We also took additional steps to ensure that user safety and privacy would be protected, including our decision not to release training data or model weights associated with the Twitter algorithm at this point."

OpenAI: ChatGPT payment data leak caused by open-source bug
2023-03-24 18:39

OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries.OpenAI took ChatGPT offline to investigate an issue but did not provide details as to what caused the outage.

NordVPN open sources its Linux VPN client and libraries
2023-03-15 21:34

Nord Security has released the source code of its Linux NordVPN client and associated networking libraries in the hopes of being more transparent and easing users' security and privacy concerns. As part of this announcement, NordVPN released the source code for its Linux applications and two libraries - Libtelio and Libdrop.

Securing cloud workloads with Wazuh - an open source, SIEM and XDR platform
2023-03-06 15:05

Cloud workload security is a practice that ensures all cloud workloads are adequately monitored and protected. Cloud security solutions assist in protecting against threats targeting cloud infrastructure thereby lowering risk, improving application reliability, and ensuring regulatory compliance.

Top 10 open-source security and operational risks of 2023
2023-03-03 21:50

Attackers can create components with names that resemble those of legitimate open-source or system components. Relying on an immature component or project can pose significant operational risks.