Google’s latest scorecard tool scans open-source software for security risks
1 July 2021
The updated version of Google Scorecard produces a “Risk Score” for open-source software, with improved checks and capabilities that make the data accessible for analysis. The update comes with features such as checks for contributions from malicious authors or compromised accounts that can introduce potential backdoors into code, for the use of fuzzing (e.g., OSS-Fuzz) and static code analysis tools (e.g., CodeQL), for signs of CI/CD compromise, and for bad dependencies.