CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government.
The post CISA Releases Open Source Software Security Roadmap appeared first on SecurityWeek.
Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space.
The post Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech appeared first on SecurityWeek.
If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order.
The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek.
NCC Group announces new open source tools for finding hardcoded credentials and for distributing cloud workloads.
The post NCC Group Releases Open Source Tools for Developers, Pentesters appeared first on SecurityWeek.
Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.
The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on SecurityWeek.
OpenSSF has added four new members and is receiving $5 million in funding for its Alpha-Omega open source software security project.
The post OpenSSF Receives $5 Million for Open Source Software Security Project appeared first on SecurityWeek.
Data security firm Satori has released a free and open source tool designed to help organizations find out who has access to what data and how.
The post Satori Releases Open Source Data Permissions Scanner for Enterprises appeared first on SecurityWeek.
Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS).
The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.
Israeli startup Oligo Security raises $28 million to build technology to detect and mitigate open source code vulnerabilities.
The post Oligo Security Exits Stealth with $28M for AppSec, Open Source Security appeared first on SecurityWeek.
The OpenSSL Project on Tuesday shipped a major security update to cover at least eight documented security flaws that expose OpenSSL users to malicious hacker attacks.
The most serious of the bugs, a type confusion issue tracked as CVE-2023-0286, may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or launch denial-of-service exploits.
The OpenSSL maintainers assigned a high-severity rating to the flaw but noted that the vulnerability is most likely to affect only applications that have implemented their own functionality for retrieving CRLs over a network.
Organizations running OpenSSL versions 3.0, 1.1.1 and 1.0.2 are urged to apply available upgrades immediately.
The open-source project also documented seven moderate-severity issues that require urgent attention.
According to an OpenSSL advisory, these include:
The group also patched multiple memory corruption issues that expose OpenSSL users to denial-of-service conditions.
Related: OpenSSL Flaw Severity Downgraded From Critical to High
Related: OpenSSL Vulnerability Can Be Exploited to Change Application Data
Related: High-Severity DoS Vulnerability Patched in OpenSSL
Related: OpenSSL Patches Remote Code Execution Vulnerability
The post OpenSSL Ships Patch for High-Severity Flaws appeared first on SecurityWeek.