Open Source

Open Source | News, how-tos, features, reviews, and videos

abstract programming code
Interview

Chris Wysopal: Open source is becoming a national security risk

open source box open box out of the box empty
News Analysis

Google to launch repository service with security-tested versions of open-source software packages

20151027 red hat logo
News

Red Hat debuts edge features for Linux, Kubernetes platform security

At its annual Summit event, Red Hat is rolling out new edge-computing features for the company’s well-known enterprise Linux distribution, and security features for its Advanced Cluster Security for Kubernetes platform.

female developer programmer devops next generation it staff
News

Fuzzing tool company launches initiative to secure open-source software

ForAllSecure offers to pay developers to use its software to eliminate exploits in their code.

programming / coding elements / lines of code / development / developers / teamwork
News

Comcast open-sources xGitGuard code protection tool

The new code monitoring tool is designed to keep open source and proprietary code separate and secure.

assembly / architecture / modular structure / components
Straight Up SecurityBy

Drop the SBOM

Software bills of material are having a moment, but the costs of an externally visible SBOM are likely to outweigh the benefits, says Andy Ellis.

Application security > Software code + data protected with a lock
News Analysis

Alpha-Omega Project takes a human-centered approach to open-source software security

The Linux Foundation and OpenSSF project, with backing from Microsoft and Google, aims to improve security of 10,000 open-source projects.

Hands are stacked together in unity and trust. [colleagues / teamwork / collaboration]
News Analysis

Tech sector embraces public-private collaboration on open-source software security

Participants in a White House meeting on securing open-source software expressed optimism for working effectively with government to help prevent Log4j-like events.

man typing on laptop search internet web browswer
Feature

15 top open-source intelligence tools

OSINT (open-source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.

A 'GitHub social coding' mug sits in a desktop workspace.
Feature

15 open source GitHub projects for security pros

GitHub has a ton of open-source options for security professionals, with new entries every day. Add these tools to your collection and work smarter.

tools drill bits toolkit tookapic free cc0 via pexels binary thinkstock
Feature

21 best free security tools

Check out these free, standout software tools that will make your daily security work easier, whether it's pen-testing, OSINT, vulnerability assessment, and more.

backdoor / abstract security circuits, locks and data blocks
News Analysis

PHP backdoor attempt shows need for better code authenticity verification

Attackers were able to place malicious code in the PHP central code repository by impersonating key developers, forcing changes to the PHP Group's infrastructure.

Check mark certificate in a binary tunnel / standards / quality control / certification / certifi
News Analysis

New free software signing service aims to strengthen open-source ecosystem

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain.

Triangular alert with exclamation mark amid abstract binary and sketches of scattered books.
Feature

Dependency confusion explained: Another risk when using open-source repositories

Dependency confusion is a newly discovered logic flaw in the default way software development tools pull third-party packages from public and private repositories. Here's what you need to know.

open source box open box out of the box empty
Opinion

Using open source for identity projects: 8 considerations

Consider these eight points to decide whether you can securely use open-source code in your identity management projects.

open box / abstract code / open-source code
Feature

4 best practices to avoid vulnerabilities in open-source code

Open-source code in public repositories might contain malware or unintentional vulnerabilities. Here's how to best manage finding and mitigating potential problems.

What it takes to become an information assurance analyst

This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his...

Fraud prevention: Improving internal controls

Internal fraud controls aren't fire-and-forget. Smart collaboration and ongoing improvement will help keep fraud in check. Here are the basics.

information security 2

How to write an information security policy

Learn the critical first step, why consensus is key, what to cover and how make your information security policy — and program — effective.

Red team versus blue team: How to run an effective simulation

Playing the role of an attacker can make your team better at defense. Learn how in our step-by-step guide to war gaming your security infrastructure — from involving the right people to weighing a hypothetical vs. live event.

Load More
You Might Also Like
Most Popular