CSOonline

Open source vulnerability scanner found with a serious vulnerability in its own code

The flaw could allow attackers to bypass Nuclei’s template signature verification process to inject malicious codes into host systems. A widely popular open-source tool, Nuclei, used for scanning ...
InfoQ

How GitHub Uses Machine Learning to Extend Vulnerability Code Scanning

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
InfoWorld

How to detect the Log4j vulnerability in your applications

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...
ZDNet

Google open-sources Tsunami vulnerability scanner

Google has open-sourced a vulnerability scanner for large-scale enterprise networks consisting of thousands or even millions of internet-connected systems. Named Tsunami, the scanner has been used ...
Dark Reading

Improving the Vulnerability Reporting Process With 5 Steps

Vulnerability reports come at open source project maintainers from all directions with varying levels of quality and detail — from public project issues to emailed reports, and sometimes even through ...