All Questions
Tagged with source-code, open-source
21 questions
3 votes, 3 answers, 406 views
Cryptographically prove open sourced source code of server
I want to prove that the source code I am using is the same as the open-sourced version, which is publicly available. My idea was to publish a hash of the open-sourced version and compare it to the ...
1 vote, 1 answer, 1k views
How to Check Open Source Code for Vulnerabilities? [closed]
I am a member of a bug bounty platform. There are some programs that make their source code available to the hackers to find vulnerabilities, for example their PHP, JS, C++, or Ruby code. I want to ...
1 vote, 1 answer, 262 views
Making an API repository private vs public
So I am currently working on the API of an application that will be serving many users. Currently the only "sensitive" information being stored using the API is user emails and names. The application ...
0 votes, 1 answer, 134 views
3rd Party Vulnerabilities Fix (Access to source code vs no access to source code)
I have embedded system software with listed vulnerabilities from a static code analyser tool. Since it is an embedded system, and I don't have access to some of the source code (being 3rd party) for ...
2 votes, 2 answers, 2k views
Way to find security bugs in Scala source code open-source way?
I looked on the Web to find a way of finding security bugs, especially SQL Injection and XSS, in Scala code, with little success. Some posts recommended writing custom detectors for the FindBugs plugin, others ...
0 votes, 0 answers, 776 views
Unable to do transformation of findbugs xml reports due to integration issue with findsecbugs plugin
I am trying to integrate the find-security-bugs plugin for FindBugs using Maven. I am able to run FindBugs with Maven and perform the transformation from XML to HTML without any issue. I am able to run ...
1 vote, 0 answers, 707 views
Findbugs Source Code Analyzer not able to detect vulnerabilities in JSP file?
I am using FindBugs to do source code analysis along with Find Security Bugs plugin to specifically detect security vulnerabilities like SQL Injection, XSS, etc. I installed the FindBugs plugin for ...
0 votes, 1 answer, 981 views
Having trouble with FindBugs exclude filter
I installed the FindBugs plugin in Eclipse for source code analysis, with the FindSecurityBugs plugin, to find security issues in the code. I want to filter out certain false positives and want to exclude ...
2 votes, 0 answers, 2k views
Any worthy open-source Java source code analysis tool from a security vulnerabilities perspective? [closed]
I have been breaking my head to find a really good open-source source code analysis tool which can uncover security vulnerabilities. I did an extensive search on the web and found three major links ...
3 votes, 1 answer, 115 views
Solution for Enterprise SW Eng. with Github and NPM [closed]
Can anyone share an architecture or framework that supports the use of Open Source software in enterprise software development environments? I'm seeking solutions to manage and mitigate the risk of ...
7 votes, 2 answers, 254 views
Searching vulnerabilities via similar code comparison. Is it a viable attack vector?
Consider the following scenario: the attacker scans (optimally automatically) open codebases (e.g. GitHub) for vulnerable code fragments by checking bug reports and patches; the attacker scans for ...
31 votes, 0 answers, 2k views
Can you prove that an open source program is running the same code that it claims to be? [duplicate]
So if a group has made open source software, and the source code is available on GitHub and is bundled with an executable in their main download, can it be proven that the executable is compiled from ...
0 votes, 1 answer, 267 views
How can I prove to users of the software that the binaries I post match source code that's been inspected and verified by a third party? [duplicate]
If I have software that's like TrueCrypt where security is very important, but unlike TrueCrypt because mine won't mysteriously go offline for seemingly no reason at all, how can I prove that my ...
14 votes, 3 answers, 2k views
What are the security implications of 'open-source' vs. 'source-available'?
In light of the current fiasco surrounding TrueCrypt, I have received considerable criticism from current clients and peers in the IT industry for my continued support of the open-source model. Such ...
1 vote, 2 answers, 351 views
Open Source OS - code you see vs code you get
In this question I will use the example of the Linux OS, but I am also interested in the general situation. Linux OS distributions are famous for being open source and thus rather secure. But how can you be ...