Security News

The number of vulnerabilities in open source projects surged almost 50 per cent in 2019, according to security biz WhiteSource, which can be seen as good news in the sense that you don't find what you're not looking for. "The problem with open source vulnerabilities is that, like everything in the open source community, once something is reported all the information is public and every beginner hacker can learn the vulnerability and it's exploitation and then execute it on a large number of applications."

The new platform enables major advances in managing software development, such as open source technologies that use innovative and customizable tools for analyzing and monitoring OSS software projects. Also the supplier of solutions for industry Softeam, which provides one of the most popular open source tools for model based software development; Unparallel Innovation and Castalia Solutions that specialize in guidance and services to industry for exploiting new technology innovations; along with two leading forge providers, Eclipse Foundation and OW2 Consortium, that host many popular open source projects used by industry.

The HPE Container Platform is the industry's first enterprise-grade container platform designed to support both cloud-native and non-cloud-native applications using 100 percent open source Kubernetes - running on bare-metal or virtual machines, in the data center, on any public cloud, or at the edge. The HPE Container Platform reduces cost and complexity by running containers on bare-metal, while providing the flexibility to deploy in VMs or cloud instances.

If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient.

According to Jim O'Gorman, Chief Content and Strategy officer at Offensive Security and leader of the Kali team, Kali users generally fall into two buckets: highly informed, experienced professionals/hobbyist and individuals that are new to Linux in general. "As a whole, I think it's fair to say that we build and design Kali for security professionals and hobbyists to utilize as a base platform for their work. These are individuals that could easily roll their own version of Linux for their needs, but if Kali is done right, it's a no-brainer to use it and save the work and effort that would go into building your own," he told Help Net Security.

If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient. What about those looking for an open source GUI 2FA tool for the Linux desktop? If that's you, there's OTPClient.

The Open Cybersecurity Alliance today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. With open source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language.

The hardware security professionals at F-Secure have created a new version of the USB armory - a computer on a USB stick built from the ground up to be secure. USB armory Mk II. The USB armory Mk II entrenches security in its lowest levels and is suitable for a wide range of applications - such as custom hardware security modules, cryptocurrency wallets, secure authentication and licensing tokens, and more - that need the efficiency and flexibility of an embedded computer without sacrificing security.

Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Google has released an open-source implementation called OpenSK. It's a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key.

Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices. Specifically, the company hopes that researchers, manufacturers of security keys and even enthusiasts will help develop new features and accelerate the adoption of these authentication devices.