Security News

MariaDB announced the general availability of MariaDB Platform X5, a comprehensive open source database solution delivering the ultimate in versatility across workloads and scalability from a single database or data warehouse to millions of transactions per second. "MariaDB Platform X5 is the culmination of years of deep engineering work to bring together best-of-breed technologies in a meaningful way," said Michael Howard, CEO, MariaDB Corporation.

Commentary: Cyral has been on a roll with two open source projects designed to make security a natural part of the development workflow. By open sourcing Approzium, Cyral makes it easier for developers to trust the project precisely because they don't really have to trust it-they can see the code.

That's the reason why companies should constantly test their environments against TTPs. The baseline profiling of your core network components, OS, devices and apps, adversary simulations, achieving full visibility and analytics across many different network data sources, correlation, and understanding of how each component affects the other one seems like a good approach for dealing with cybersecurity risks. What's your take on using open source tools within an enterprise security architecture?

Industrial cybersecurity firm Claroty this week announced the availability of AccessDB Parser, an open source tool that allows researchers to analyze Microsoft Access database files associated with SCADA applications. AccessDB Parser was initially developed to improve the scanning capabilities of Claroty Continuous Threat Detection's Application DB, which is designed to provide a non-intrusive way to identify and manage assets in OT networks by parsing configuration files and other artifacts associated with industrial control systems.

A dozen vulnerabilities have been found in OpenClinic GA, a popular open source hospital management system, including flaws that can be exploited to access sensitive information or install malware on the hosting server. OpenClinic GA is described as an "Integrated hospital information management system covering management of administrative, financial, clinical, lab, x-ray, pharmacy, meals distribution and other data." The product is used worldwide and it has been downloaded nearly 120,000 times from SourceForge.

Total funding for Codefresh has now more than doubled to $42M. Codefresh CEO Raziel Tabib shared details of how this new round of funding will be used to make "Big investments into open source, continuous delivery, and more". Codefresh launched as the first continuous integration and delivery platform for Kubernetes and has grown dramatically with adoption from DevOps teams at Epic Games, Gap, Vivint, TBS, and many others.

New vulnerabilities in open source packages were down 20% compared to last year suggesting security of open source packages and containers are heading in a positive direction, according to Snyk. Across the six popular ecosystems the report examined, there were fewer new vulnerabilities reported in 2019 than in 2018 - a promising finding - but there are still significant improvements to strive for with slightly less than two thirds of vulnerabilities still taking more than 20 days to remediate.

The second top vulnerability last year was malicious packages, where a trusted package is contaminated with one crafted for an attack. "A dev using one open-source package typically unwittingly pulls in dozens of others. Most known vulnerabilities are in those packages, and with a typical app using hundreds of libraries, the odds of a severe vulnerability in some of them are high."

Cape Privacy, a privacy platform for collaborative data science and machine learning, announces the launch of its open source platform as it secures $5 million in seed funding. Cape Privacy helps enterprise companies maximize the value of their data by providing an easy-to-use collaboration layer on top of advanced privacy and security technology.

Stamus Networks announced the general availability of SELKS 6 - the turnkey system based on Suricata intrusion detection/prevention and network security monitoring with a network threat hunting interface and graphical rule manager. "We are excited to make SELKS 6 officially available," said Peter Manev, co-founder and chief strategy officer of Stamus Networks.