The top three differences between an open source audit and an open source scan
Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Open Source
The future of cyber threat prevention lies in open security
For far too long, the cybersecurity industry has subscribed to a flawed methodology — one that is based on the notion that organizations can avoid security threats through obscurity and secrecy. The assumption is that keeping security controls and processes covert makes products and data inherently more secure against cyber threats within the networks we defend. However, even the most sophisticated cybersecurity defenses are no match for well-funded, highly motivated adversaries.
Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7
The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.
Supply Chain Security for Open Source: Pyrsia at CD Summit and KubeCon 2022
I was super excited to be at Kubecon+CloudNativeCon this year. Kubecon has managed to build a great community that goes beyond Kubernetes and has been a good catalyst in bringing together people passionate about OpenSource. Kubecon also has attracted a lot of interest due to the quality of sessions, the number of co-located events, and the opportunity to connect with peers, partners and friends.
Open source cybersecurity tools
At LimaCharlie, we believe that open-source tools have a crucial role to play in the security industry. This conviction stems, in part, from our company history: LimaCharlie started out as an open-source endpoint detection and response (EDR) project. But beyond that, we think that the future of cybersecurity will be marked by the values of open-source tech; by a trend towards greater openness and transparency.
Network Detection and Incident Response with Open Source Tools
When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.
Pyrsia OSS Project
Meet our partner experts and learn more about how JFrog's Pyrsia project (the decentralized package network) works hard to secure the #softwaresupplychain! Learn more at https://pyrsia.io/.
#DevOps #DevSecOps
Open Source Intelligence
The term “open source” refers in particular to records this is publically available. A huge part of the internet cannot be found using major search engines. This is called as “Deep Web”. Deep Web is a mass of websites, databases, files, and more that cannot be indexed by Google, Bing, Yahoo, or any other search engine. Despite this, much of the content of the dark web can be considered open source because it is easily available to the public.
How to contribute to open source projects
As a developer, you probably rely on open source every day. Open source code is incredibly beneficial for building and improving products, whether personal or professional. But have you considered going a step further and contributing to open source projects as well? Taking this approach can improve your skills and make a positive impact on the software development community at large. Yet, taking the leap can seem difficult. Where do you start?
I have my Black Duck audit reports; What's next?
Get the most out of your Black Duck open source audit by understanding the report components and next steps you need to take.