The Cyber Security News


Google Launches Largest Distributed Database of Open Source Vulnerabilities

December 13, 2022

Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.

The Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect “a project’s list of dependencies with the vulnerabilities that affect them,” Google software engineer Rex Pan said in a post shared with The Hacker News.

“The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases,” Pan added.


The idea is to identify all the transitive dependencies of a project and highlight relevant vulnerabilities using data pulled from the OSV.dev database.
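The matching step described above can be sketched as follows. This is an added example, not OSV-Scanner's code: the dependency graph, package names and `EXAMPLE-` advisory ids are constructed, the record fields (`affected`, `package`, `ranges`, `events`, `introduced`, `fixed`) follow the OSV schema, and version ordering is simplified to dotted numeric versions.

```python
# Constructed resolved dependency graph: name -> (pinned version, direct deps).
GRAPH = {
    "app": ("1.0.0", ["webfw", "httpcli"]),
    "webfw": ("2.3.1", ["tmpl"]),
    "httpcli": ("0.9.4", ["tlslib"]),
    "tmpl": ("1.1.0", []), "tlslib": ("3.0.2", []),
}

def advisory(adv_id, name, events, ecosystem="PyPI"):
    return {"id": adv_id, "affected": [{
        "package": {"ecosystem": ecosystem, "name": name},
        "ranges": [{"type": "ECOSYSTEM", "events": events}]}]}

ADVISORIES = [  # OSV-schema-shaped records with placeholder ids, not real advisories
    advisory("EXAMPLE-0001", "tlslib", [{"introduced": "0"}, {"fixed": "3.0.5"}]),
    advisory("EXAMPLE-0002", "tmpl", [{"introduced": "1.2.0"}, {"fixed": "1.2.3"}]),
]

def vkey(version):
    # Simplification: dotted numeric versions only; real ecosystems differ.
    return tuple(int(part) for part in version.split("."))

def transitive(graph, root):
    """Map every dependency reachable from root to one path that pulls it in."""
    paths, stack = {}, [(d, [root, d]) for d in graph[root][1]]
    while stack:
        name, path = stack.pop()
        if name not in paths:  # also guards against dependency cycles
            paths[name] = path
            stack.extend((d, path + [d]) for d in graph[name][1])
    return paths

def in_range(version, events):
    """Walk ordered introduced/fixed events; True if version is affected."""
    affected = False
    for event in events:
        if "introduced" in event and vkey(version) >= vkey(event["introduced"]):
            affected = True
        elif "fixed" in event and vkey(version) >= vkey(event["fixed"]):
            affected = False
    return affected

def scan(graph, root, advisories, ecosystem="PyPI"):
    findings = []
    for name, path in sorted(transitive(graph, root).items()):
        for adv in advisories:
            for aff in adv["affected"]:
                pkg = aff["package"]
                if (pkg["ecosystem"], pkg["name"]) == (ecosystem, name) and any(
                        in_range(graph[name][0], r["events"]) for r in aff["ranges"]):
                    findings.append((adv["id"], name, graph[name][0], " > ".join(path)))
    return findings
```

Each finding carries the path that pulled the package in, which is what lets a developer see that a vulnerable library arrived through an indirect dependency rather than one they declared.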

Google further stated that the open source platform supports 16 ecosystems, counting all major languages, Linux distributions (Debian and Alpine), as well as Android, Linux Kernel, and OSS-Fuzz.

The result of this expansion is that OSV.dev is a repository of more than 38,000 advisories, up from 15,000 security alerts a year ago, with Linux (27.4%), Debian (23.2%), PyPI (9.5%), Alpine (7.9%), and npm (7.1%) taking up the top five slots.

As for the next steps, the internet giant noted it’s working to build support for C/C++ flaws by building a “high quality database” that involves adding “precise commit level metadata to CVEs.”

OSV-Scanner arrives nearly two months after Google launched GUAC – short for Graph for Understanding Artifact Composition – to complement Supply chain Levels for Software Artifacts (SLSA or “salsa”) as part of its efforts to harden software supply chain security.

Last week, Google also published a new “Perspectives on Security” report calling on organizations to develop and deploy a common SLSA framework to prevent tampering, improve integrity, and secure packages against potential threats.

Other recommendations laid out by the company include taking on additional open source security responsibilities and adopting a more holistic approach to addressing risks such as those presented by the Log4j vulnerability and the SolarWinds incident in recent years.

“Software supply chain attacks typically require strong technical aptitude and long-term commitment to pull off,” the company said. “Sophisticated actors are more likely to have both the intent and capability to conduct these types of attacks.”

“Most organizations are vulnerable to software supply chain attacks because attackers take the time to target third-party vendors with trusted connections to their customers’ networks. They then use that trust to burrow deeper into the networks of their ultimate targets.”

Some parts of this article are sourced from:
thehackernews.com
