🕵️♂️ Embarking on your journey and learning how to contribute to open source is an exciting step towards honing your programming skills, collaborating with experts, and giving back to the global developer community. However, the challenge often lies in finding the right project to kickstart your open-source journey.
Open source software (OSS) has driven technological growth for decades due to its collaborative nature and ability to share information rapidly. However, major OSS security vulnerabilities like Log4j, Heartbleed, Shellshock and others have raised concerns about the security and sustainability of similar projects. At the same time, major open source-based companies have changed their OSS licenses, like MongoDB, Elastic (formerly ElasticSearch), Confluent, Redis Labs and most recently, HashiCorp.
Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.
You don’t need us to tell you that open source software is becoming a very significant percentage of commercial software codebases. Open source components are free, stable, and enable you to focus your resources on the innovative and differentiated aspects of your work. But as the use of open source components increases, compliance with open source licenses has become a complex project of growing importance. So how can you stay on top of compliance and what tools are out there to help?
You may have heard that 1Password beta testers can sign into websites using passkeys stored in their vaults. We’re actively developing the internal library powering passkey authentication, and now we’re open-sourcing it!