Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Open Source

Things You Need to Know About Open Source - The FAQ Edition

Open Source projects can be a great asset, or they can be a curse – it’s all in how you manage it. To be successful in using open source, there are several things to keep in mind, from licensing to updates. And if you ignore any of them, it can cause problems. Here are some things to consider.

There's no such thing as 100% secure

When Gronk the caveperson chipped out the first wheel from a slab of granite only to watch it roll away down a hill at some speed, he discovered we could build things to make our lives easier. We took this idea and ran with it, and now we have internet connected shoes. However, we also have cybercrime, data theft, phishing, scams, ransomware... the list goes on.

Information on open source vulnerabilities is as distributed as the community

Nothing gets the AppSec / InfoSec community abuzz quite like a good old 0-day vulnerability. I mean, what’s not to love here? These vulnerabilities involve the thrill of adversaries knowing something we don’t, giving them a path to sail through our defenses to break into that sweet data inside. They are the James Bond of the security space — suave, sexy, and deadly.

Apache Struts Vulnerabilities vs Spring Vulnerabilities

Developers the world over depend on the Apache Struts open source framework to build valuable and powerful applications. This open source component and the Apache Software Foundation that stands behind it have provided organizations with a cost-effective force multiplier that allows their teams to develop faster and more efficiently. A very active project, GitHub shows Apache Struts as having 5,441 commits and 112 releases.

Quick Install of Forseti Security on Google Cloud Platform

Forseti Security is open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and even enforce in the future. The install is pretty simple since it’s contained within a Deployment Manager template. Deployment Manager automates infrastructure deployments of Google Cloud Platform resources. I’m going to highlight some of the notes from the official Forseti documentation in this post for completeness.

With Forseti, Spotify and Google release GCP security tools to open source community

Being able to secure your cloud resources at scale is important for all Google Cloud Platform users. To help ensure the security of GCP resources, you need to have the right tools and processes in place. Spotify and Google Cloud worked together to develop innovative security tools that help organizations protect GCP projects, and have made them available in an open source community called Forseti Security. Forseti is now open to all GCP users!