Security News

If your desktop of choice is Linux, you don't have to be without a 2FA tool, thanks to OTPClient. What about those looking for an open source GUI 2FA tool for the Linux desktop? If that's you, there's OTPClient.

The Open Cybersecurity Alliance today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. With open source code freely available to the security community, OpenDXL Ontology enables any tool to automatically gain the ability to communicate and interoperate with all other technologies using this language.

The hardware security professionals at F-Secure have created a new version of the USB armory - a computer on a USB stick built from the ground up to be secure. The USB armory Mk II entrenches security in its lowest levels and is suitable for a wide range of applications - such as custom hardware security modules, cryptocurrency wallets, secure authentication and licensing tokens, and more - that need the efficiency and flexibility of an embedded computer without sacrificing security.

Interested in using hardware security keys to log into online services more securely? Well, now you can make your own from scratch, thanks to an open-source project that Google announced last week. Google has released an open-source implementation called OpenSK. It's a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key.

Google on Thursday announced that it has released the source code for a project named OpenSK in an effort to allow users to create their own security key devices. Specifically, the company hopes that researchers, manufacturers of security keys and even enthusiasts will help develop new features and accelerate the adoption of these authentication devices.

Want to know what's in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spot potentially unwanted features - or backdoors. "At Microsoft, our software engineers use open source software to provide our customers high-quality software and services. Recognizing the inherent risks in trusting open source software, we created a source code analyzer called Microsoft Application Inspector to identify 'interesting' features and metadata, like the use of cryptography, connecting to a remote entity, and the platforms it runs on," Guy Acosta and Michael Scovetta, security program managers at Customer Security and Trust, Microsoft, said in explaining the Inspector's genesis.

SpecFlow will continue to remain a free, open source offering for the software development and testing communities. The acquisition of SpecFlow adds best-in-class support for BDD and.

Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment. Regula rules are written in Rego, the open source policy language employed by the Open Policy Agent project, and can be integrated into CI/CD pipelines to prevent cloud infrastructure deployments that may violate security and compliance best practices.

BNP Paribas' Patrick Pitchappa on Application Security: Because open source components have known vulnerabilities, it's important for companies to invest in the right tools to help developers build...

Six years into running the Patch Rewards Program to help improve the security of open source projects, Google has decided to provide upfront financial support for such initiatives.