Open Source Does Not Equal Secure

Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy ...
Raspberry Pi sensors for home networks

Who’s your fridge talking to at night?

By Gary Fisk, Sales Engineer, Corelight I love origin stories – the tales of grand plans, unforeseen circumstances, and necessity that creates something new. These strange times have resulted in something new ...
Linux

Why Linux Should Factor Into Your Security Strategy

Linux is a pervasive operating system—and for good reason. It’s lightweight, flexible, multi-architecture supportive and open source, all leading to loads of opportunity. Today, Linux-based systems run servers, mainframes, routers, smart cars, ...
Security Boulevard

Shine Theory / DevOps / Community

A podcast called The Allusionist (hosted by Helen Zaltzman) crossed my path that provided me with a light-bulb moment. The podcast focuses on language and etymology. This particular episode contextualised that focus ...
open source security

Who Owns Open Source Security?

According to a recent report by the Internet Security Forum, open source software (OSS) is quickly becoming a pillar within enterprise infrastructure. In fact, OSS is now used in 99% of commercial ...

New Study Finds 75% of Codebases Have Vulnerabilities

A new report and study, the 2020 Open Source Security and Risk Analysis report, examined audit data from 1,250+ commercial codebases to examine how organizations are using open source code. The post ...
open source security

Linux Foundation Addresses Open Source Security

The Linux Foundation announced this week it has launched yet another consortium, this time in the hopes of bringing some order to multiple previous efforts to address open source security. The Open ...

Zeek in its sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)

By Ben Reardon, Corelight Security Researcher Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...

How to Better Navigate the World of DevSecOps with Sonatype and Saltworks Security

Recently we partnered with Orasi Software and Saltworks Security to discuss how organizations are using open source software. Saltworks’ Founder and CEO, Dennis Hurst, and Sonatype’s Maury Cupitt, VP, Solutions Architecture, sat ...

Ripple20 Zeek package open sourced

By Ben Reardon, Corelight Security Researcher Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain ...