An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications that rely on it. But that may be just the tip of the iceberg, researchers warn.
The work of vulnerability research has changed a lot in the last two decades. In this episode, Security Ledger Podcast host Paul Roberts chats with the independent researcher known as “Sick Codes” about the growing risk of open source supply chain hacks, his method for bug hunting and what projects are in the pipeline for 2021.
The good news: open source software is nearly universal. The bad news: half of source code repositories contain open source code with high-risk vulnerabilities, according to a new report released by the firm Synopsys.
Episode 176: Security Alarms in Census II Open Source Audit. Also: The New Face of Insider Threats with Code42
Joe Payne, the CEO of Code42, joins us to talk about how the challenge of data breach prevention is changing. And: we do a deep dive on the recent Census II audit of open source.
Though the companies named in a blockbuster Bloomberg story have denied that China hacked into Supermicro hardware that shipped to Amazon, Apple and nearly 30 other firms, a recent demonstration at a hacking conference in Germany proves the plausibility of the alleged hack.