Google’s latest scorecard tool scans open-source software for security risks
1 July 2021
The updated version of Google Scorecard produces a “Risk Score” for open-source software, with improved checks and capabilities to make the data accessible for analysis. The update adds checks for contributions from malicious authors or compromised accounts that can introduce potential backdoors into code, for the use of fuzzing (e.g., OSS-Fuzz) and static code analysis tools (e.g., CodeQL), for signs of CI/CD compromise, and for bad dependencies.