Security News

Cape Privacy, a privacy platform for collaborative data science and machine learning, announces the launch of its open source platform as it secures $5 million in seed funding. Cape Privacy helps enterprise companies maximize the value of their data by providing an easy-to-use collaboration layer on top of advanced privacy and security technology.

Stamus Networks announced the general availability of SELKS 6 - the turnkey system based on Suricata intrusion detection/prevention and network security monitoring with a network threat hunting interface and graphical rule manager. "We are excited to make SELKS 6 officially available," said Peter Manev, co-founder and chief strategy officer of Stamus Networks.

ABBYY launched NeoML, an open source library for building, training, and deploying machine learning models. Available now on GitHub, NeoML supports both deep learning and traditional machine learning algorithms.

Nearly 1,000 vulnerabilities were found in popular open source projects in 2019, more than double compared to the previous year, according to a report published on Monday by risk management company RiskSense. RiskSense has analyzed 54 open source projects in which nearly 2,700 vulnerabilities were reported between 2015 and March 2020.

Security flaws in open source software have increased and can take a long time to be added to the National Vulnerability Database, says RiskSense. A report released Monday by vulnerability management firm RiskSense describes the impact of security vulnerabilities on OSS. For its report "The Dark Reality of Open Source," RiskSense found that the total number of CVEs in OSS is on the rise, more than doubling to 968 in 2019 from 421 in 2018 and 435 in 2017.

Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers. Published on GitHub in the Password Manager Resources repository, the tools should help developers create strong passwords compatible with popular websites.

IBM this week announced the availability of open source toolkits that allow for data to be processed while it's still encrypted. The toolkits implement fully homomorphic encryption, which enables the processing of encrypted data without providing access to the actual data.

The use of open source code in modern software has become nearly ubiquitous. Open source code is distinct from custom code in that its vulnerabilities - and many exploits for them - are published online, making it a particularly attractive target for malicious actors.

Google this week announced an expansion for its Vulnerability Rewards Program to include critical open-source dependencies of Google Kubernetes Engine. The announcement builds on the bug bounty program for Kubernetes that the Cloud Native Computing Foundation, in partnership with Google and others, announced earlier this year, and which offers rewards of up to $10,000 for vulnerabilities in the project.

How many vulnerabilities lurk inside the bazillions of open source libraries that today's developers happily borrow to build their applications? Predictably, the answer is a lot, at least according to application security company Veracode, which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries used by them.