Security News
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program, the offering is one of the first open source-specific vulnerability programs.
A vulnerability assessment is a methodical examination of network infrastructure, computer systems, and software with the goal of identifying and addressing known security flaws. Usually, the vulnerability scanning tool also provides instructions on how to remediate or mitigate the discovered flaws.
Google has created a bug bounty program that will reward those who find and report vulnerabilities in its open-source projects, thereby hopefully strengthening software supply-chain security. The Open Source Software Vulnerability Rewards Program will pay bug hunters between $100 and $31,337, with the highest payments going to "Unusual or particularly interesting vulnerabilities," according to Googlers Francis Perron, open source security technical program manager, and infosec engineer Krzysztof Kotowicz.
Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software.The company's newly announced Vulnerability Reward Program focuses on Google software and repository settings.
This type of analysis may reveal to malware analysts not only what the malware does, but also its developer's future intentions. All the malware analysis tools listed below can be freely downloaded and used.
Fully Homomorphic Encryption (FHE) is a cryptographic primitive that enables performing computations over encrypted data without having access to the secret key. In this Help Net Security video,...
In this Help Net Security video, Christophe Tafani-Dereeper, Cloud Security Researcher and Advocate at DataDog, talks about Stratus Red Team, an open-source project for adversary emulation and validation of threat detection in the cloud. The tool supports common AWS and Kubernetes attack techniques.
In this Help Net Security video, Ofri Ouzan, Security Researcher at Rezilion, talks about MI-X, an open source tool aimed at effectively determining whether a local host or a running container image is truly vulnerable to a specific vulnerability by accounting for all factors which affect actual exploitability. The tool prints the logical steps it takes in order to reach a decision and can generate a flow chart depicting the complete logical flow.
Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. Given open source's value as a public asset, an institutional structure must be built that sustains and secures it.
Detectree, developed by WithSecure, is a detection visualization tool for cyber security defense teams. "Time is always working against incident responders. And looking through rows of text data and making connections between them and the suspicious activity under investigation is time spent not remediating the problem, which is a real waste when you're under pressure to stop an attack."