Security risks from memory unsafe languages are the most dangerous class of vulnerabilities in software today, according to a report on Memory Safety in Critical Open Source Projects – Learn how more than half of critical open source projects contain code written in a memory-unsafe language: https://lnkd.in/gSe7Gkf6
Cybersecurity and Infrastructure Security Agency’s Post
More Relevant Posts
-
CISA: Most critical open source projects not using memory safe code
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that most crucial open-source projects are prone to memory flaws. Their research analyzed 172 prominent open-source projects, highlighting the ongoing need for robust memory-safe coding practices in open-source software.
CISA: Most critical open source projects not using memory safe code
bleepingcomputer.com
-
Many important open source projects are at risk due to using memory-unsafe languages, found in over half (52%) of them, according to a recent analysis by CISA and partners. These languages can lead to security issues like buffer overflows. Experts suggest switching to safer options like Rust to reduce these risks. Governments are working with the community to improve software safety standards, aiming for a shift towards more secure programming languages across the industry. Read the full article on Infosecurity Magazine by James Coker for detailed insights 🔗 https://lnkd.in/gSe7Gkf6 Follow our page Start With WCPGW 🔔 #SoftwareSecurity #OpenSource #Rust #MemorySafety #Cybersecurity #startwithwcpgw #wcpgw #infosec #technology
Majority of Critical Open Source Projects Contain Memory Unsafe Code
infosecurity-magazine.com
-
A comprehensive new study has unearthed fresh details on the extensive and troubling use of memory-unsafe code in major open source software (OSS) projects. #cybersecurity #cisa #oss #opensource
CISA Flags Memory-Unsafe Code in Major Open Source Projects
darkreading.com
-
🔒 Peneto Labs Update: CISA Highlights Open Source Vulnerabilities 🔒 The Cybersecurity and Infrastructure Security Agency (CISA) reports that most critical open source projects are not using memory-safe code. This oversight increases the risk of vulnerabilities and potential exploits in widely-used software. Developers and organizations are encouraged to prioritize memory safety in their code to enhance security and protect against threats. Stay proactive in securing your projects. Read More: https://lnkd.in/gQqXNNy4 #CyberSecurity #OpenSource #CISA #PenetoLabs #MemorySafety #SecureCoding #SoftwareSecurity
CISA: Most critical open source projects not using memory safe code
bleepingcomputer.com
-
Recently OpenSSF shared an excellent blog calling out a social engineering attempt where individuals were attempting to gain maintainer rights over a project, but were exhibiting behavior that was clearly counter to normal given the request(s) being made. There is clearly a new pattern emerging (though in reality it has always been here) around compromising the software supply chain at the most foundational level. This further reinforces that the security industry must react properly to this activity and focus on software supply chain security in a holistic manner, not just at the source code level, but also at the compiled code level and not just looking for malware. Great write up Omkhar Arasaratnam and Robin Bender Ginn! #supplychainsecurity https://lnkd.in/gUV6sKrz
Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
https://openssf.org
-
This weekend, an attempt to implement a backdoor on the global IT infrastructure was narrowly thwarted. The backdoor was introduced into an obscure, but crucial, piece of open source software maintained by one lone overworked developer in Finland. The threat actor abused this fact to gain their trust over several years, employing all manner of social engineering and pressures to get them to give up control of their project. Rob Mensching had some great insights on how the social engineering was done in his blog (linked below). While the technical aspects of the backdoor and how it was implemented get most of the headlines, the social engineering aspects employed should not be forgotten. Is it sustainable and safe that we rely on free work from lone developers to maintain crucial parts of the global IT infrastructure? How can the open source community prevent these attacks in the future? #cybersecurity #opensource #xz #xzbackdoor
A Microcosm of the interactions in Open Source projects
robmensching.com
-
Interesting points re: software vulnerability reporting. "While many of the CVEs are filed in good faith by responsible researchers and represent credible security vulnerabilities, a recently growing pattern involves newbie security enthusiasts and bug bounty hunters ostensibly 'collecting' CVEs to enrich their resume rather than reporting security bugs that constitute real-world, practical impact from exploitation." https://lnkd.in/dVMFnXA2
Dev rejects CVE severity, makes his GitHub repo read-only
bleepingcomputer.com
-
🚨 Rise in Bogus CVE Reports Against Open Source Projects
Recently, the ‘node-ip’ project was archived by its developer, Fedor Indutny, due to a disputed CVE report, making the repository read-only. This follows a trend in the rise of questionable vulnerability reports against open-source projects.
Top 3 takeaways:
- 📈 There has been an increase in questionable CVE reports, causing unnecessary panic and workload for developers.
- 😤 Developers like Indutny and Daniel Stenberg of ‘curl’ have expressed frustration over these reports, which often lack real-world impact.
- 🛡️ The challenge lies in balancing the need for security disclosures with preventing burnout among open-source developers.
#cybersecurity #news #developers #vulnerabilities #opensource #kraven #KravenSecurity #adamgoss #cti #threatintelligence
Dev rejects CVE severity, makes his GitHub repo read-only
bleepingcomputer.com
-
The most interesting thing for me in the recent discovery of the xz/liblzma vulnerability is that in addition to providing remote code execution to hostiles it's also an example of a cleverly crafted supply chain attack that began as a social engineering attack almost two years ago. Here is an enlightening reconstruction by Rob Mensching: https://lnkd.in/dAgmNhKH #cybersecurity #vulnerability #ssh #linux #security
A Microcosm of the interactions in Open Source projects
robmensching.com
-
Memory-Safe Code: A Cybersecurity Must [#CyberSecurity #OpenSource]
🔐 Key Findings from the CISA Report:
- Only 25% of critical open-source projects utilize memory-safe code.
- Memory-unsafe languages like C and C++ still dominate, posing security risks such as buffer overflows.
The urgency for open-source maintainers to adopt memory-safe coding practices is clearer than ever to fortify cybersecurity defenses.
✨ Do you think transitioning to memory-safe languages is feasible for most open-source projects? How can the cybersecurity community support this shift?
#SoftwareDevelopment #DataSecurity #TechLeaders #InfoSec #Programming
Explore the full analysis here: https://lnkd.in/gr273qsk
CISA: Most critical open source projects not using memory safe code
bleepingcomputer.com
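Several of the posts above name the buffer overflow as the bug class that memory-unsafe languages permit. The snippet below is an added example, not code from any of the posts, from the CISA report, or from any project it analyzed: a constructed C routine that copies an attacker-controlled name into a fixed 16-byte stack buffer with strcpy (the unsafe pattern), beside a bounded version that refuses input that does not fit. The buffer size, the function names (greet_unsafe, copy_bounded, greet_safe, greet_capacity) and the sample inputs are all choices made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size stack buffer; the size and all names in this file are choices
 * made for this constructed example, not anything from the CISA report. */
#define NAME_MAX 16

/* Memory-unsafe pattern: strcpy copies until it finds the source's NUL, so a
 * name of 16 or more characters writes past the end of buf and corrupts the
 * stack (the classic stack-based buffer overflow). The language and the
 * compiler do nothing to stop this; only the programmer's discipline does. */
void greet_unsafe(const char *name)
{
    char buf[NAME_MAX];
    strcpy(buf, name);               /* no bound check at all */
    printf("hello %s\n", buf);
}

/* Bounded copy that refuses input which does not fit, NUL included.
 * Returns true on success; dst is untouched on failure so a caller can never
 * end up using a half-copied, unterminated string. */
bool copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz)    /* n == dstsz leaves no room for the NUL */
        return false;
    memcpy(dst, src, n + 1);         /* copies the terminator too */
    return true;
}

/* Hardened counterpart of greet_unsafe: same buffer, same task, but an
 * oversized name is rejected instead of overflowing. */
bool greet_safe(const char *name)
{
    char buf[NAME_MAX];
    if (!copy_bounded(buf, sizeof buf, name))
        return false;
    printf("hello %s\n", buf);
    return true;
}

/* Longest name that still fits: NAME_MAX - 1 characters plus the NUL. */
size_t greet_capacity(void)
{
    return NAME_MAX - 1;
}

/* Constructed inputs: a short name, and a 32-byte run of 'A's that is twice
 * the size of the buffer. */
static const char SHORT_NAME[] = "alice";
static const char LONG_NAME[]  = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

int main(void)
{
    greet_safe(SHORT_NAME);
    if (!greet_safe(LONG_NAME))
        printf("rejected a %zu-byte name for a %d-byte buffer\n",
               strlen(LONG_NAME), NAME_MAX);
    /* greet_unsafe(LONG_NAME); */   /* uncomment and build with
                                        -fsanitize=address to watch it fail */
    return 0;
}
```

Build with `cc -O1 -g -fsanitize=address example.c` and uncomment the greet_unsafe call to see AddressSanitizer report the stack-buffer-overflow at the strcpy; without the sanitizer the same call silently corrupts whatever sits above buf on the stack. Note that the bounded version checks `n >= dstsz`, not `n > dstsz`: a 16-character name has no room left for its terminator in a 16-byte buffer. The same one-off is why strncpy is not a fix either, since it leaves the destination unterminated when the source is too long.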