Sebastian Lekies (@slekies) 's Twitter Profile
Sebastian Lekies

@slekies

Automated Security Scanning & Vulnerability Management @Google

ID: 396719512

23-10-2011 17:38:14

1.1K Tweets

3.3K Followers

418 Following

lcamtuf (@lcamtuf) 's Twitter Profile Photo

I'm not a fan of using SBOMs for vulnerability response. It can be argued that they are better than nothing - but I'm not so sure. Their flaws make them costly, siphoning resources away from better-targeted work. [1/4]

FIRST.org (@firstdotorg) 's Twitter Profile Photo

The CVSS Special Interest Group is proud to announce the official release of CVSS v4.0 - first.org/cvss/. This latest version of CVSS seeks to provide all users with the highest fidelity vulnerability assessment. #FIRSTdotOrg #CVSS #BuildingTrust #PSIRT #CSIRT

Marco Lancini (@lancinimarco) 's Twitter Profile Photo

⚗️ localtoast Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner. github.com/google/localto…

Google VRP (Google Bug Hunters) (@googlevrp) 's Twitter Profile Photo

Are you passionate about expanding the capabilities of the Tsunami network scanner, and would like to help keep AI infrastructure secure? See our blog post for details on getting involved and how your efforts will be rewarded 💸! bughunters.google.com/blog/569189023…

Claudio Criscione (@paradoxengine) 's Twitter Profile Photo

Tsunami wants to be the best platform for scanning your AI infrastructure. Come join the party. bughunters.google.com/blog/569189023…

Clint Gibler (@clintgibler) 's Twitter Profile Photo

⚒️ SCALIBR (Software Composition Analysis Library) An extensible file system scanner used to extract software inventory data (e.g. installed language packages) and detect vulnerabilities By Google github.com/google/osv-sca…

Lukas Weichselbaum (@we1x) 's Twitter Profile Photo

I wish we could deprecate javascript: URIs which are one of the few remaining XSS vectors for modern SPAs. Until then we can use CSP to disable javascript: URIs. Here's a prototype for a refactoring free strict & hash-based CSP that does that: github.com/google/strict-…

Infosec Alevski 💻🕵️‍♂️ (@alevskey) 's Twitter Profile Photo

OSV-SCALIBR: A library for Software Composition Analysis: ift.tt/XrvxnOD by Google Online Security Blog #infosec #cybersecurity #technology #news

Eduard Kovacs (@eduardkovacs) 's Twitter Profile Photo

Google releases OSV-SCALIBR, an open source library for software composition analysis and file system scanning. securityweek.com/google-release…

The Nimble Nerd (@thenimblenerd) 's Twitter Profile Photo

Google’s New OSV-SCALIBR: Your Software’s Superhero or Just Another Sidekick? Hot Take: Google's OSV-SCALIBR: Because keeping tabs on your software vulnerabilities should be as easy as keeping tabs on your ex's Instagram story. With this new tool, Google is basically saying,

Cybersecurity News Everyday (@tweetthreatnews) 's Twitter Profile Photo

Google has launched OSV-SCALIBR, an open-source library for software composition analysis! It identifies vulnerabilities and generates SBOMs, supporting various OS and languages. 🛡️🔍 #OpenSource #Google #SoftwareSecurity #CybersecurityNews link: ift.tt/qE5l48z

Richard Seroter (@rseroter) 's Twitter Profile Photo

"OSV-SCALIBR combines Google’s internal vulnerability management expertise into one scanning library with significant new capabilities ..." security.googleblog.com/2025/01/osv-sc… < it's open source, and you can use what Google uses for software composition analysis

Google Open Source (@googleoss) 's Twitter Profile Photo

Protect your systems from leaked credentials! 🚨 We're excited to announce Veles, a new open-source secret and credential scanner from Google. Veles helps you find and fix sensitive data exposures in your source code and artifacts, with more features on the way! Learn how Veles

Sebastian Lekies (@slekies) 's Twitter Profile Photo

Veles, Google's new open-source secret scanner, is now available. This tool, built into our SCALIBR scanner, identifies exposed credentials with an extensible architecture for new secret types. We'd love to hear your feedback and answer any questions. opensource.googleblog.com/2025/07/stop-l…

Kévin GERVOT (Mizu) (@kevin_mizu) 's Twitter Profile Photo

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4
