
The Cyber Security News


New Google Tool Helps Devs Root Out Open Source Bugs

December 14, 2022

Google has launched a new free tool which it hopes will radically improve the security of code compiled from open source dependencies – a growing source of risk for corporations.

OSV-Scanner is effectively the front end to Google’s OSV (Open Source Vulnerability) database, which is designed to gather bug information from all the different open source ecosystems in one place.

The new tool lets developers scan their dependencies and code for bugs listed in the database and get fast feedback on whether patches or updates are needed, Google software engineer Rex Pan explained.



Crucially, the tool starts by discovering all of a project’s transitive dependencies, by analyzing manifests, software bills of materials (SBOMs), documents and commit hashes.

A report out this week claimed that transitive or indirect dependencies account for close to 95% of all open source vulnerabilities. Yet they’re often missed due to the complexity of relationships between components and a lack of visibility into these ecosystems.

Pan suggested a number of advantages the Google tool has over closed source databases and scanners:

  • Every advisory comes from an “open and authoritative source” (e.g. the RustSec Advisory Database)
  • The OSV.dev database is the biggest of its kind, supporting 16 open source ecosystems and serving up about 38,000 advisories
  • Anyone can suggest improvements to advisories, increasing the quality of the database
  • The OSV format stores information on affected versions in a machine-readable format that maps onto a developer’s list of packages
  • Developers get fewer, more actionable vulnerability notifications, reducing the time needed to resolve them, thanks to these features
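
To illustrate the machine-readable affected-version data mentioned in the list above, here is an added example (not from the original article and not OSV-Scanner's own code) that matches a dependency list against one OSV-format record. The advisory ID, package names and versions are constructed, and version comparison is simplified to dotted numeric versions.

```python
# Constructed OSV-format record and dependency list: ID, names, versions are made up.
ADVISORY = {
    "id": "EXAMPLE-0000-0000",  # placeholder, not a real advisory
    "affected": [{
        "package": {"ecosystem": "crates.io", "name": "example-lib"},
        "ranges": [{"type": "SEMVER", "events": [
            {"introduced": "0"}, {"fixed": "1.4.2"},
            {"introduced": "2.0.0"}, {"fixed": "2.1.0"},
        ]}],
        "versions": ["0.9.0-legacy"],  # explicit versions, matched as exact strings
    }],
}
DEPS = [("crates.io", "example-lib", "1.4.1"), ("crates.io", "example-lib", "1.4.2"),
        ("crates.io", "example-lib", "2.0.5"), ("npm", "example-lib", "1.0.0")]

def vkey(v):
    """Assumption: dotted numeric versions only; pre-release tags are not handled."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def in_ranges(version, ranges):
    """Walk each range's sorted events: 'introduced' opens a window, 'fixed' closes it."""
    for r in ranges:
        vulnerable = False
        for ev in sorted(r["events"], key=lambda e: vkey(next(iter(e.values())))):
            if "introduced" in ev and vkey(version) >= vkey(ev["introduced"]):
                vulnerable = True
            elif "fixed" in ev and vkey(version) >= vkey(ev["fixed"]):
                vulnerable = False
        if vulnerable:
            return True
    return False

def is_affected(dep, advisory):
    eco, name, version = dep  # e.g. one entry resolved from a lockfile
    for aff in advisory["affected"]:
        if (aff["package"]["ecosystem"], aff["package"]["name"]) != (eco, name):
            continue  # same name in another ecosystem is a different package
        if version in aff.get("versions", []):
            return True
        try:
            if in_ranges(version, aff.get("ranges", [])):
                return True
        except ValueError:
            pass  # unparseable here; a real scanner should report this, not skip it
    return False

def scan(deps, advisory):
    return [d for d in deps if is_affected(d, advisory)]
```

Calling `scan(DEPS, ADVISORY)` flags only the `crates.io` entries at 1.4.1 and 2.0.5: the fixed release and the same-named `npm` package are not reported.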

The next step will be to convince the developer community to make use of the tool.

A Sonatype report from October found that 68% of corporations felt confident that their applications are not using vulnerable libraries. Yet a random sample of business applications showed that 68% contained known vulnerabilities.

Editorial credit icon image: TY Lim / Shutterstock.com


Some sections of this posting are sourced from:
www.infosecurity-journal.com
