I have written before about how good “bug bounties” are for improving everyone’s cyber security, rewarding the white hat hackers and researchers for their work. The Open Source Software Vulnerability Rewards Program (OSS VRP) Now Google has launched a bug bounty program that rewards the ethical technologists for finding and …
US Cybersecurity and Infrastructure Security Agency security advisories
The US Government’s CISA has released a range of security advisories, including updates required for VMware: VMware Releases Security Update | CISA CISA Updates Advisory on Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite | CISA CISA has also been issuing advice for industrial systems. If you use these …
Continue reading “US Cybersecurity and Infrastructure Security Agency security advisories”
How secure is open source software? Do you use open source software or have software written for you? If so read on… UPDATED
When we undertake any cyber security survey, and we ask about software, we know the greatest amount of work we will have to do, is when the client says “we had this written for us” or we use this “open source software”. (We will not get into Android apps or …
GitHub to require 2FA for all users by end of 2023!
GitHub is a valuable resource to software developers and so it is a key tool being used in many software supply chains. And we now know how vulnerable we all are to software supply chain hacking – look at this example. So my response when I saw this was the …
Continue reading “GitHub to require 2FA for all users by end of 2023!”
Developers beware! Attacks on the code supply chain
The security team at the open source repository, NPM, have removed 17 malware infected Java Script libraries from their servers. This is important as many code developers depend on the trust of NPM to develop application that we all use, and if they use infected code, then that will be …
Continue reading “Developers beware! Attacks on the code supply chain”