Security News

India said its coronavirus contact-tracing app is perfect... adds bug bounty and open-sources it anyway
2020-05-27 02:59

India has open-sourced its Aarogya Setu contact-tracing app and announced a bug bounty programme to detect any security issues. The nation has now decided to open the app and run a bug bounty programme.

70 Percent of Mobile, Desktop Apps Contain Open-Source Bugs
2020-05-25 13:00

A full 70 percent of applications being used today have at least one security flaw stemming from the use of an open-source library. Most JavaScript applications contain hundreds of open-source libraries - some have more than 1,000 different libraries.

How secure are open source libraries?
2020-05-21 04:30

Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, Veracode research reveals. An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies.

Open source security report finds library-induced flaws in 70% of applications
2020-05-20 13:48

The State of Software Security: Open Source Edition analyzed the component open source libraries across the Veracode platform database of 85,000 applications, which includes 351,000 unique external libraries. The idea was to define the risk that a single flaw in one library can pose to all applications that leverage that code.

Swimlane Analyst Hub: Increasing access to educational content and open-source tools
2020-05-18 01:45

Swimlane, an industry leader in security orchestration, automation and response, announced the launch of the Swimlane Analyst Hub as a way to aggregate its open-source and developer tools and content for security analysts. Swimlane's Deep Dive team will continue to enhance and add additional open-source tools on the Analyst Hub.

Microsoft Open-Sources COVID-19 Threat Intelligence
2020-05-15 16:36

Microsoft this week announced that it has made some of its COVID-19 threat intelligence available to the public. The number of attacks targeting organizations and individuals worldwide using coronavirus lures has increased dramatically over the past several months, and Microsoft says it wants to help even those who do not use its threat protection solutions.

Eye-opening statistics about open source security, license compliance, and code quality risk
2020-05-14 04:30

99% of commercial codebases contain at least one open source component, with open source comprising 70% of the code overall, according to Synopsys. The most concerning trend in this year's analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year.

Open source algorithms for network graph analysis help discover patterns in data
2020-05-11 03:00

StellarGraph has launched a series of new algorithms for network graph analysis to help discover patterns in data, work with larger data sets and speed up performance while reducing memory usage. One of the challenges data scientists face when dealing with connected data is how to understand relationships between entities, as opposed to looking at data in silos, to provide a much deeper understanding of the problem.

GitHub Code Scanning aims to prevent vulnerabilities in open source software
2020-05-08 07:48

GitHub has made available two new security features for open and private repositories: code scanning and secret scanning. The code scanning feature, available for setup in every GitHub repository, is powered by CodeQL, a semantic code analysis engine that GitHub made available last year.