Security News

Microsoft this week announced that it has made some of its COVID-19 threat intelligence available to the public. The number of attacks targeting organizations and individuals worldwide using coronavirus lures has increased dramatically over the past several months, and Microsoft says it wants to help even those who do not use its threat protection solutions.

99% of commercial codebases contain at least one open source component, with open source comprising 70% of the code overall, according to Synopsys. The most concerning trend in this year's analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year.

StellarGraph has launched a series of new algorithms for network graph analysis to help discover patterns in data, work with larger data sets and speed up performance while reducing memory usage. One of the challenges data scientists face when dealing with connected data is how to understand relationships between entities, as opposed to looking at data in silos, to provide a much deeper understanding of the problem.

GitHub has made available two new security features for open and private repositories: code scanning and secret scanning. The code scanning feature, available for set up in every GitHub repository, is powered by CodeQL, a semantic code analysis engine that GitHub has made available last year.

The aim, said the code repo house, is to help developers suss out potential security vulnerabilities ahead of time, and to do so at a scale that will work for both small and large projects. The feature, based on the code-checking tools GitHub bought last year when it gobbled up UK-based Semmle, automatically graphs and scans code when a new push request is made and checks it for a number of common errors that can cause security vulnerabilities.

Network operators, integrators and software vendors have joined forces to create Leitstand, an open-source community that aims to increase the efficiency of developing, buying and running network management systems for next generation carrier networks. It will provide the tools needed to operate the underlying infrastructure in a disaggregated telecoms network, including zero-touch provisioning of infrastructure, inventory management, operational visibility of network elements, alarm monitoring, fault diagnosis and software version management.

In September last year, Sophos made Sandboxie free, while also announcing that it was transitioning the tool to open source. "Sophos is proud to announce the release of the Sandboxie source code to the community, meaning we are finally an open source tool! We're excited to give the code to the community," the company announced on its forums.

CSIRO's Data61, the digital specialist arm of Australia's national science agency, announced the creation of the seL4 Foundation, a not-for-profit organization, to accelerate the development of the seL4 microkernel and related technologies. The seL4 Foundation will provide a global, independent and neutral organization for funding and steering the future evolution of seL4.

Have you come up with hardware or software that can help solve a problem that arose from COVID-19 and its worldwide spread? Mozilla is offering up to $50,000 to open source technology projects that are responding to the pandemic in some way. Online "Hackatons" - launched/sponsored by governments and various organizations in Poland, Estonia, China, the UK, Switzerland, India, Malaysia, and so on - are gathering participants from different sectors and with different skills to collaborate and come up with IT-based open source solutions to COVID-19-related medical, social and other problems.

DataStax released code for an Apache Cassandra Kubernetes operator to help enterprises and users succeed with scale-out, cloud-native data. This Kubernetes Operator for Apache Cassandra, cass-operator, is now available and ready for use by the community as we work together on a common operator.