5 ways to find and fix open source vulnerabilities

Credit to Author: Malwarebytes Labs | Date: Tue, 17 Jul 2018 15:00:00 +0000

A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about open source vulnerabilities. Here are five ways developers can find and fix vulnerabilities and their dependencies.


The post 5 ways to find and fix open source vulnerabilities appeared first on Malwarebytes Labs.


HackerOne offers bug bounty service for free to open-source projects

Credit to Author: Lucian Constantin | Date: Fri, 03 Mar 2017 12:41:00 -0800

HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.

“Here at HackerOne, open source runs through our veins,” the company’s representatives said in a blog post. “Our company, product, and approach is built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back.”

HackerOne is a platform that makes it easier for companies to interact with security researchers, triage their reports, and reward them. Very few companies have the necessary resources to build and maintain bug bounty programs on their own with all the logistics that such efforts involve, much less so open-source projects that are mostly funded through donations.


Self-protection is key to Linux kernel security

Linux has quietly taken over the world. The operating system now powers the large datacenters that make all our cloud applications and services possible, along with billions of Android devices and internet-connected gadgets that comprise the internet of things (IoT). Even the systems that handle the day-to-day operations on the International Space Station run Linux.
