Security News

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects. The Go-based tool, powered by the Open Source Vulnerabilities database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared with The Hacker News.

New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from this common practice. As just one example, the research reveals that 95% of all vulnerabilities are found in transitive dependencies - open-source code packages that developers do not select, but are indirectly pulled into projects.

ConductorOne open-sourced their identity connectors in a project called Baton, available on GitHub. Each connector gives developers the ability to extract, normalize, and interact with workforce...

A version of an open source ransomware toolkit called Cryptonite has been observed in the wild with wiper capabilities due to its "Weak architecture and programming." Written in Python, the malware employs the Fernet module of the cryptography package to encrypt files with a ".

Open source software hosting and cloud computing provider Fosshost will no longer be providing services as it reaches end of life. UK-based non-profit Fosshost has been providing services to several high profile open source projects like GNOME, Armbian, Debian and Free Software Foundation Europe completely free of charge.

CI Fuzz CLI, the open-source Command-Line Interface tool from Code Intelligence, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup to find functional bugs and security vulnerabilities at scale. CI Fuzz CLI, available on GitHub, leverages genetic and evolutionary algorithms and automated instrumentation to dynamically generate millions of unusual inputs to test Java applications for unexpected behaviors that may lead to crashes, DoS or zero-day exploits.

Open source tools are a key part of the Kubernetes security environment, with most companies using open source Kubernetes security software, research by ARMO has revealed. In a survey of The State of Kubernetes Open Source Security, 55% of respondents said they used at least some open source tools to keep their Kubernetes clusters safe; this includes those who use purely open source and those mix open source and proprietary solutions.

Provectus released v0.8 of its Open Data Discovery Platform, an open-source platform that helps data-driven enterprises democratize their data. Designed to overcome the limitations of conventional data catalogs, ODD helps to standardize data collection, improves compatibility of different catalogs, expands data lineage capabilities, and enhances data quality and observability.

An open-source smart data exploration, analysis and model debugging tool for machine learning. Data scientists often need to analyze datasets both during the data preparation stage and model training, which can be overwhelming and time-consuming, especially when working on large-scale datasets.

Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of programmers. GitHub Copilot, released in June 2022, is an AI-based programming aid that uses OpenAI Codex to generate real-time source code and function recommendations in Visual Studio.