Security News

Open source vulnerabilities go undetected for over four years
2020-12-03 11:58

For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security and developers' practices regarding vulnerability reporting, alerting and remediation. The Microsoft subsidiary found that security vulnerabilities often go undetected for more than four years before being disclosed.

Open Source Tool Helps Secure Siemens PCS 7 Control Systems
2020-12-03 11:57

Industrial cybersecurity company OTORIO has released an open source tool designed to help organizations harden Siemens' SIMATIC PCS 7 distributed control systems. According to the cybersecurity firm, the script is designed to assess the security configuration of the SIMATIC PCS 7 OS client, OS server and engineering station.

Financial services lead when it comes to fixing open source flaws
2020-11-20 04:00

The financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components, Veracode reveals. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.

AWS includes open-source Suricata for stateful inspection with Network Firewall service
2020-11-19 19:10

Firewall Manager is a centralised service for configuring firewalls across accounts and applications within an AWS user organisation (a way of managing multiple AWS accounts). The new AWS Network Firewall moves beyond the existing services by adding more intelligent rules using the open-source Suricata project for intrusion detection.

Linux and open source: The biggest issue in 2020
2020-11-18 17:00

See what Jack Wallen considers to be the biggest issue for Linux in 2020. Enterprise-level companies embraced open source software even further, containers and the cloud became even more crucial to both businesses and consumers, the Linux community found a larger piece of the support pie from large manufacturers like Microsoft, and distributions continued to wow.

Developers: This is Google's new idea for keeping your open-source projects secure
2020-11-10 13:31

Scorecards provides an assessment of open-source packages, which developers can use to judge whether they are safe to introduce into their projects or systems. Introducing unknown code into software can be risky, which is why Google is introducing a new scorecard system to help developers assess the risk of open-source dependencies before introducing them to their systems.

Pktvisor: Open source tool for network visibility
2020-10-30 12:14

NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. Visibility into network traffic, especially in distributed edge environments and with malicious attacks on the rise, is a critical part of ensuring uptime and performance.

StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations
2020-10-28 18:44

Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments. KubeLinter is a static analysis tool that checks YAML files, which store configuration data for Kubernetes applications, to ensure that security best practices are followed.

Open Source Management Firm FOSSA Raises $23 Million
2020-10-15 13:13

San Francisco, CA-based FOSSA - an open source management firm - has raised $23.2 million in a Series B funding round from Bain Capital Ventures, Canvas Ventures and Costanoa Ventures, bringing the total raised to $35 million. The company has simultaneously launched FOSSA Security Management, a product designed to help organizations secure their software supply chain - that is, the uncontrolled inclusion and use of open source software within their own software development.

Three best practices for responsible open source usage in the COVID-19 era
2020-10-15 05:00

Since well before the pandemic, software developers have leveraged open source code as a means to speed development cycles. Applications today are usually designed using hundreds of unique open source components, which then reside in their software and workspaces for years.