Open source software (OSS) has driven technological growth for decades due to its collaborative nature and ability to share information rapidly. However, major OSS security vulnerabilities like Log4j, Heartbleed, Shellshock and others have raised concerns about the security and sustainability of similar projects. At the same time, major open source-based companies have changed their OSS licenses, like MongoDB, Elastic (formerly ElasticSearch), Confluent, Redis Labs and most recently, HashiCorp.

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.

New Synopsys Black Duck® engagement summary report summarizes a breadth of insights across all domains of software due diligence.

Open-source cybersecurity tools offer a prime solution for independent security experts, emerging businesses, and even medium to large enterprises aiming to tailor their security framework. These tools serve as a foundational platform for fostering security advancements, integrating proprietary software code and security automation scripts.

You don’t need us to tell you that open source software is becoming a very significant percentage of commercial software codebases. Open source components are free, stable, and enable you to focus your resources on the innovative and differentiated aspects of your work. But as the use of open source components increases, compliance with open source licenses has become a complex project of growing importance. So how can you stay on top of compliance and what tools are out there to help?

You may have heard that 1Password beta testers can sign into websites using passkeys stored in their vaults. We’re actively developing the internal library powering passkey authentication, and now we’re open-sourcing it!

Numerous inventive security solutions offered by open source software (OSS) remain untapped by the U.S. government. OSS refers to software for which the source code is accessible, allowing for its use, modification, and distribution. Dynamic OSS projects yield swift advancements and promote inclusive development, rendering them more adaptable to specialized demands. In cases where adjustments are necessary, the code can be accessed and modified accordingly.

It is not very often that we see cybersecurity vendors put aside competitive differences and ambitions to work towards a common goal that benefits the entire cybersecurity community. The Open Cybersecurity Schema Framework (OCSF) has shown to be an example of a productive industry-wide collaboration to facilitate a more secure environment for businesses, governments and individuals all over the globe.

In the pursuit of advancing security and transparency in the digital asset industry, Fireblocks has published our MPC-CMP code as open source under a limited license, along with the rest of our MPC library. As the demand for digital asset custody, tokenization, and Web3 among retail and financial institutions continues to rise, Fireblocks MPC-CMP has proven to be the most secure and reliable key management protocol.