Security News

How open source security flaws pose a threat to organizations
2021-04-13 16:09

How do such products fare on security? Though the community-based approach toward open source means that security flaws should be identified quickly, patching those flaws and applying the patches is another matter. In a report released Tuesday, design automation company Synopsys looked at commercial applications that use open source code to see how they dealt with security flaws.

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator
2021-04-09 18:16

Built to help advance artificial intelligence and machine learning, the experimental research project is designed to aid in the analysis of how "autonomous agents operate in a simulated enterprise environment using high-level abstraction of computer networks and cybersecurity concepts." Reinforcement learning, Microsoft explains, is a type of machine learning that teaches autonomous agents to make decisions based on their interaction with the environment: agents improve their strategies through repeated experience, much like playing a video game over and over to become better at it.

CyberBattleSim: Microsoft's open-source Holodeck in which autonomous attackers, defenders battle it out
2021-04-09 11:06

Microsoft has open-sourced software that pits machine-learning-powered network intruders against automated defenders inside virtual networks. The tech, dubbed CyberBattleSim by its creators at the Microsoft 365 Defender research team, is a Python-based OpenAI Gym affair, and sets up pretend networks loaded with vulnerabilities and other weaknesses.

Library Dependencies and the Open Source Supply Chain Nightmare
2021-04-08 15:06

The result is that under-resourced teams need to manage vulnerabilities that may or may not be relevant within hundreds of libraries, possibly within many different apps, and always with the possibility that library updates may cause further downstream issues. "Failure to keep libraries updated over time not only increases risk to an organization but also makes library updates much more difficult and time-consuming when they are finally done. When a library stays dormant in an application for multiple years, any new vulnerability is difficult to fix because so much code has been built over it."

Open Source Security Management Firm WhiteSource Raises $75 Million
2021-04-07 16:35

Open source security management company WhiteSource on Wednesday announced that it has raised $75 million in a Series D funding round. The latest round, which brings the total raised by WhiteSource to more than $120 million, was led by Pitango Growth, with participation from M12, Susquehanna Growth Equity, and 83North.

A new Linux Foundation open source signing tool could make secure software supply chains universal
2021-03-11 15:13

Sigstore could eliminate the headaches associated with current software signing technology through public ledgers. The Linux Foundation, in partnership with Red Hat, Google and Purdue University, has announced a new digital signing project, potentially eliminating many of the headaches that come with securing open source software, files, images and binaries.

Akash MAINNET 2 decentralized open-source cloud now available
2021-03-10 02:00

Akash Network, a project out of Overclock Labs, confirmed the successful launch of Akash MAINNET 2, the first open-source cloud and the only viable decentralized cloud alternative to centralized cloud providers like Amazon Web Services, Google Cloud, and Microsoft Azure. Akash MAINNET 2 empowers developers to break free from the limitations of traditional cloud infrastructure, and accelerates growth and scale in the blockchain ecosystem by enabling developers and companies to decentralize their cloud infrastructure, deploying applications faster, more efficiently, and at lower cost.

Infrastructure modernization remains the biggest use case for enterprise open source
2021-03-02 17:11

Infrastructure modernization remains the most important use case for enterprise open source for the third consecutive year, according to Red Hat's newly released State of Enterprise Open Source Report. "The two are closely related because new applications are a big part of digital transformation. Taken together, they clearly demonstrate that organizations are using enterprise open source for strategic purposes, not just for infrastructure 'plumbing,'" the report said.

Microsoft Releases Open Source Resources for Solorigate Threat Hunting
2021-02-26 13:42

Microsoft on Thursday announced the open source availability of CodeQL queries that it used during its investigation into the SolarWinds attack. The company has released the source code of CodeQL queries, which it used to analyze its code at scale and identify any code-level indicators of compromise associated with Solorigate.