Investing in the people shaping open source and securing the future together

Open source has always been about community. It's about maintainers who review pull requests late at night. Volunteers who respond to security reports from strangers. And communities that quietly power the world's software. The reality behind the commits is that maintainers get stretched thin. Th...

Finding Vulnerabilities in Open Source Projects

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The "Alpha" side will emphasize vulnerability testing by hand in the most popular...

My Dex Complete: Alpha & Omega - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application My Dex Complete: Alpha & Omega published at the 'play' market has multiple vulnerabilities...

DEC Alpha Linux <= 3.0 - Local Root Exploit

No description provided by source. / DEC Alpha Linux = 3.0 local root exploit by Dan Rosenberg @djrbliss Usage: $ gcc alpha-omega.c -o alpha-omega $ ./alpha-omega Notes: -Payload specific to = 2.6.28 no cred struct, modify as needed -Socket trigger tested on 2.6.28 adjust offset as needed -INETDI...

Unfixed XSS vulnerability at www.alphaomegahosting.com

Security researcher KaBuS, has submitted on 16/04/2007 a cross-site-scripting XSS vulnerability affecting www.alphaomegahosting.com, which at the time of submission ranked 962622 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/04/2007. It is...