Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Open Source Analysis Extends Your Visibility

When we think of open source analysis, security is often the first thing that comes to mind. But open source analysis is so much more than just security. It gives you visibility into your codebase to help you understand and manage your open source components. In this blog, we’ll define open source analysis, look at why it’s important to your business, and describe the characteristics of an effective open source analysis framework.

Security Audit Results for Our Open Source Products

We now live in an era where the security of all layers of the software stack is immensely important, and simply open sourcing a code base is not enough to ensure that security vulnerabilities surface and are addressed. At Gravitational, we see it as a necessity to engage a third party that specializes in acting as an adversary, and provide an independent analysis of our sources.

Open Source Organizational Culture

I am not an engineer. I’m a director of human resources. I don’t work in a technical space, but the concept of open source is fascinating to me as it applies to organizational culture. A company like Gravitational that has intentionally chosen open source as a foundation for our work makes not only a technical decision, but a cultural one. We’re finding that employees and candidates care deeply and appreciate our choice. Open source is a big deal for us.

Red Teaming for Blue Teamers: A Practical Approach Using Open Source Tools

For the majority of people in the information security world, the act of offensive hacking is something they are tasked with protecting against but have little ability to do themselves. That is like asking a professional boxer to enter the ring without knowing how to throw a punch. Sure, you may be able to get in and last a few rounds, but eventually, a formidable opponent will wear you down and knock you out.

Things You Need to Know About Open Source - The FAQ Edition

Open Source projects can be a great asset, or they can be a curse – it’s all in how you manage it. To be successful in using open source, there are several things to keep in mind, from licensing to updates. And if you ignore any of them, it can cause problems. Here are some things to consider.

There's no such thing as 100% secure

When Gronk the caveperson chipped out the first wheel from a slab of granite only to watch it roll away down a hill at some speed, he discovered we could build things to make our lives easier. We took this idea and ran with it, and now we have internet connected shoes. However, we also have cybercrime, data theft, phishing, scams, ransomware... the list goes on.

Information on open source vulnerabilities is as distributed as the community

Nothing gets the AppSec / InfoSec community abuzz quite like a good old 0-day vulnerability. I mean, what’s not to love here? These vulnerabilities involve the thrill of adversaries knowing something we don’t, giving them a path to sail through our defenses to break into that sweet data inside. They are the James Bond of the security space — suave, sexy, and deadly.

Apache Struts Vulnerabilities vs Spring Vulnerabilities

Developers the world over depend on the Apache Struts open source framework to build valuable and powerful applications. This open source component and the Apache Software Foundation that stands behind it have provided organizations with a cost-effective force multiplier that allows their teams to develop faster and more efficiently. A very active project, GitHub shows Apache Struts as having 5,441 commits and 112 releases.

Quick Install of Forseti Security on Google Cloud Platform

Forseti Security is open source security tool built for Google Cloud Platform. It can keep track of your environment, monitor your policies and even enforce in the future. The install is pretty simple since it’s contained within a Deployment Manager template. Deployment Manager automates infrastructure deployments of Google Cloud Platform resources. I’m going to highlight some of the notes from the official Forseti documentation in this post for completeness.

With Forseti, Spotify and Google release GCP security tools to open source community

Being able to secure your cloud resources at scale is important for all Google Cloud Platform users. To help ensure the security of GCP resources, you need to have the right tools and processes in place. Spotify and Google Cloud worked together to develop innovative security tools that help organizations protect GCP projects, and have made them available in an open source community called Forseti Security. Forseti is now open to all GCP users!