Black Duck’s Security Checker to help developers scan open source code


Black Duck Software has just launched a free tool, Security Checker, which lets developers check their code base and determine whether known open source vulnerabilities exist in any of the components they use to build apps. “It scans the code in an uploaded archive file or Docker image and provides a report showing the identified open source code and known bugs. The maximum file size for a Security Checker scan is 100 MB, and it takes about 15 minutes from start to finish, according to Black Duck,” according to TechNewsWorld.

A few days ago we posted an article about how the weak and similar passwords that many people choose make their accounts more vulnerable to being hacked. Cracking someone’s password, especially if it is a very common one, is a piece of cake for anyone determined to do so.

As the situation seems alarming, organizations, companies, researchers, and others are working on ways to reduce the vulnerability of personal accounts, HTTPS servers, etc. Black Duck Software’s Security Checker is another tool that will help prevent vulnerable apps from the very start, by making developers aware of any vulnerabilities they may encounter along the way.

"Users select and scan an archive or image of their choice and within minutes receive a detailed report providing them with a full listing of open source components and vulnerabilities, including severities, descriptions, CVE numbers and links to additional information in the National Vulnerability Database," Patrick Carey, director of product management for Black Duck, told TechNewsWorld.

Not long ago, a report by security researchers estimated that 3.5 million HTTPS servers were vulnerable to Decrypting RSA with Obsolete and Weakened eNcryption (DROWN).

Attackers of HTTPS servers aim to obtain personal communications between users and the server, including passwords, credit card numbers, usernames, e-mails, messages, important documents, etc., and “can also impersonate a secure website and intercept or change the content the user sees.” The approximately 3.5 million HTTPS servers at risk, or 33% of all HTTPS servers, include websites, mail services, popular sites, etc.

The report has raised awareness that third parties may be able to reveal encrypted communications and that everyone must take action to avoid becoming a victim of this attack.

“Use of open source in application development is widespread, according to the report, which highlighted the challenges of securing and managing the open source in use. Sixty-seven percent of audited applications contained known open source security vulnerabilities, more than a third of the bugs identified were severe, and 10 percent of the applications contained the Heartbleed vulnerability, the report found,” according to TechNewsWorld.

Some weeks ago, researchers at the Massachusetts Institute of Technology (MIT) tested 50 popular web apps written in Ruby on Rails (RoR) and discovered 23 previously unknown security flaws.

