Questions tagged [opensource]

Open source is a term used for software whose source code is made available. Software distributed under an open source license allows users to study, debug and improve the software, with certain rights preserved for the copyright holder.

165 questions
5 votes, 1 answer

How can WhatsApp be listed on the EFF secure application toolset when it's not open source?

I see this EFF tool guide, proposing WhatsApp as one of "our pick of the best, most secure applications" source. How can WhatsApp be trusted as a secure application when it is not open-source (according to Wikipedia: "license: freeware"), in…
Marinos An
5 votes, 0 answers

Open source KMIP Server in a production-level environment

I need to use a KMIP server for a project and searched for an open source solution. The only viable options I found are PyKMIP (https://github.com/OpenKMIP/PyKMIP) and KMIP4J (https://sourceforge.net/projects/kmip4j/). The problem with PyKMIP is…
Chris
5 votes, 4 answers

What is the use of disabling detailed exception pages on open-sourced apps?

Frameworks for web apps typically can run in either production mode or development mode. One of the major differences between the two modes is how exceptions are handled: in development mode the browser will typically be sent a detailed exception…
gaazkam
5 votes, 1 answer

Could the unused Mali GPU in the Libre Tea Computer Card be a security risk?

The Libre Tea Computer Card is a single-board computer that comes without any proprietary software (at least that’s the goal, it’s currently in crowdfunding): […] all firmware and kernel sources are GPL-licensed and will always remain so, and have…
unor
5 votes, 1 answer

Can open source software be digitally signed?

I've read that installing Linux on UEFI PCs requires additional steps to disable the requirement for digitally signed bootloaders. But I thought that open source software can be digitally signed by using the private key to sign the source code and…
genealogyxie
5 votes, 1 answer

Quantitative Security Analysis of Open Source Repos like CRAN and NPM

Is anyone aware of any quantitative analysis or research on the security of CRAN or NPM? e.g. How much malware is hosted, rate of compromise, speed to close, number of attack vectors, CERT reports etc etc. I'm trying to get a sense of the level of…
Colin
4 votes, 4 answers

Is it secure to have source code for website public?

I am working on a website and would like to have it under revision control. I have used git for earlier projects before and I like it. This project though is a website written in Django. I am totally for open source, but I am wondering if it would…
mseln
4 votes, 1 answer

Is it bad practice to add an encrypted private key to source control?

I understand that it is bad practice to add passwords and secret tokens to source control, with obvious implications arising if you are working on an open-source or related project. Rather, you should store them as environment variables. However,…
sffc
4 votes, 3 answers

How can you know what is distributed with your Linux?

I'm curious, in theory, how one can know if, for example, the kernel that is distributed with Ubuntu Linux is really what is on https://github.com/torvalds/linux and not some modified kernel which contains tracking code etc... I mentioned the kernel just as…
umpirsky
4 votes, 1 answer

auditing open source compiler binaries for trojans

It is a well known vulnerability that a properly altered compiler binary can transfer itself to new binaries of the compiler, and still be entirely absent from the source code. But how real is this possibility? Has there been any attempt to audit…
lurscher
4 votes, 5 answers

Building a Security Training Simulation environment

My university is keen to build a security training simulation environment/platform and it will be a good learning experience for students. I Googled around to find out how it is built, but I only ended up with recommendations for a VirtualBox or…
4 votes, 2 answers

Is the ISO/IEC 27001 standard incompatible with free/open source software?

The ISO/IEC 27000-series of standards lay out how to create and manage an information security management system (ISMS). The ISO/IEC 27001 document provides the main body of the standard and is augmented by a number of sector-specific guideline…
08915bfe02
4 votes, 2 answers

Should things like project IDs, cloud region IDs etc be kept secret on an open source project?

All my side projects are open source - just using the free Github account. I'm wondering how security conscious I need to be about keeping things like: Google Cloud Platform Project IDs, Log Rocket project IDs, logging email addresses hidden on…
dwjohnston
4 votes, 3 answers

Is it safe to use this embedded ftp server?

We are using a software suite for automation of FTP traffic. It uses the Apache Mina FtpServer component as an embedded FTP server (for FTPS and SFTP). The use of this library has been flagged as a security concern. The reasoning given was the age of…
oɔɯǝɹ
4 votes, 1 answer

Any historical precedent for Open-Source libs as an attack vector?

I'm curious as to whether there are any noteworthy cases historically of people deliberately placing exploits in open-source code libraries used by others, either something relatively obvious with the hope nobody will check, or with something…
Kevin Dolan