We have many clients who have their own software or have custom software on their website or web apps written for them by developers. These developers may or may not reuse code or modules written by third party developers and sourced through a software repository – such as GitHub or …
Software supply chain weaknesses
Software and code repositories are a great resource for web and software developers – they save time and clients’ money, and they provide quality modules for their projects. GitHub is one of the most popular – with many major software players using it to develop their code and other developers, large and …
GitHub – probably one of the biggest targets for threat actors
GitHub is one of the most popular software repositories, so it stands to reason that threat actors will always be searching for ways in: infecting code at the source, where it is then reused in multiple applications, is a cost-effective way to run a cyber attack. GitHub has just patched a …
Google elite bug bounty program
I have written before about how good “bug bounties” are for improving everyone’s cyber security, rewarding the white hat hackers and researchers for their work.
The Open Source Software Vulnerability Rewards Program (OSS VRP)
Now Google has launched a bug bounty program that rewards the ethical technologists for finding and …
Our trust in public code – UPDATED 24 May 2022
The original post was made on 12 May 2022.
Update 24 May 2022
Python is a popular coding language and many code libraries exist to make the programmer’s life a little easier. But as indicated in the articles below, if that open source code becomes popular, then it also becomes …
Tampering with open source software
Recently the security of open source software has been questioned, particularly with respect to Linux vulnerabilities, which have a huge impact because Linux is so widely used as internet infrastructure. When volunteer coders are keeping the software secure, who takes responsibility? Steps have started to be taken to increase the security …
Log4j and open source software security – Google Cloud report
If you are involved in software development or use open source software, this article from the Google Cloud team makes for interesting reading and can add some clarity to using this type of resource. Cloud CISO Perspectives: December 2021 | Google Cloud Blog