Security News

Scorecards provides an assessment of open-source packages, which developers can use to judge whether they are safe to introduce into their projects or systems. Introducing unknown code into a software can be risky, which is why Google is introducing a new scorecard system to help developers assess the risk of open-source dependencies before introducing them to their systems.

NS1 announced that pktvisor, a lightweight, open source tool for real-time network visibility, is available on GitHub. Visibility into network traffic, especially in distributed edge environments and with malicious attacks on the rise, is a critical part of ensuring uptime and performance.

Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments. KubeLinter is a static analysis tool that checks YAML files, which store configuration data for Kubernetes applications, to ensure that security best practices are followed.

San Francisco, CA-based FOSSA - an open source management firm - has raised $23.2 million in a Series B funding round from Bain Capital Ventures, Canvas Ventures and Costanoa Ventures; bringing the total raised to $35 million. The company has simultaneously launched FOSSA Security Management, a product designed to help organizations secure their software supply chain - that is, the uncontrolled inclusion and use of open source software within their own software development.

Since well before the pandemic, software developers have leveraged open source code as a means to speed development cycles. Applications today are usually designed using hundreds of unique open source components, which then reside in their software and workspaces for years.

Commentary: Open source has never been more popular, which means it's time to figure out how to effectively secure the open source you use. The world is made of software, and upwards of 99% of any software you use-open source or proprietary-includes open source components.

Fleek has announced the launch of Space, an open source, private file storage, sharing, and collaboration platform built on top of the distributed web stack, including Filecoin, IPFS, and Textile. Space's mission is to enable a fully private, peer to peer file and work collaboration experience for users.

The source code for Windows XP and other elderly Microsoft operating systems appears to have leaked online as the mega-corp's Ignite developer shindig came to an end. The source of the alleged code leak is unclear; a torrent for the archive popped up on internet armpit 4chan and contains what appears to be Windows XP Service Pack 1, as well as some other past-their-sell-by-date flavours of Microsoft's greatest hits.

Microsoft has open-sourced OneFuzz, its own internal continuous developer-driven fuzzing platform, allowing developers around the world to receive fuzz testing results directly from their build system. Fuzzing is an automated software testing technique that involves entering random, unexpected, malformed and/or invalid data into a computer program.

Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities. The tool Microsoft has released is called "OneFuzz" and the company says it is "The testing framework used by Microsoft Edge, Windows, and teams across Microsoft is now available to developers around the world."