Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/22/2007
02:21 AM
50%
50%

Sourcefire, Insecure.org Team Up

Sourcefire and Insecure.org announced a licensing agreement for the parties to jointly develop open source vulnerability scanning technology

COLUMBIA, Md. -- Open source innovator and SNORT ® creator, Sourcefire, Inc., and Insecure.Org, the creator of the Nmap® Security Scanner, today announced a licensing agreement for the parties to jointly develop open source vulnerability scanning technology based on the general purpose Nmap Scripting Engine (NSE) embedded within the popular Nmap network discovery tool. Under the agreement, Insecure.Org will develop the engine while the Sourcefire Vulnerability Research Team (VRT) will develop and contribute plug-ins for discovering specific vulnerabilities.

“Sourcefire was built on the premise of combining open source technologies with proprietary innovation and funded research to produce world-class solutions for our customers,” said Martin Roesch, Sourcefire’s Chief Technology Officer and the original author of Snort. “This joint effort exemplifies the spirit of the open source community, combining Insecure.Org’s active scanning expertise with Sourcefire’s vulnerability research capabilities to deliver a powerful new open source scanning technology. As open source leaders and innovators, both of our organizations are dedicated to providing users with the best possible technology to address their security issues, and we are very excited by the capabilities that this relationship will deliver.”

The new engine technology will be available within the open source Nmap Security Scanner as well as bundled into the Sourcefire 3D™ System. When combined with Sourcefire RNA as part of the award-winning 3D System, these new active scanning capabilities will enable customers to coordinate passive network discovery with surgical active scanning for a sophisticated approach to vulnerability detection. Users of Sourcefire RNA will be able to identify real-time network changes and then use the Nmap capabilities to deliver specific vulnerability information for only those assets that have been added or changed, significantly reducing scanning times, enhancing network performance and providing detailed analysis much more quickly than traditional solutions.

“This partnership is an exciting moment for the Nmap project,” said Nmap creator and lead developer Fyodor. “Nmap has grown over the years from simply enumerating open port numbers to identifying remote operating systems and application versions. With NSE we are taking the next step forward by facilitating advanced network discovery and vulnerability detection. We are grateful to Sourcefire for lending the talents of their exceptional VRT team to this project, and we are happy to see the technology providing value to Sourcefire’s enterprise customers as well.”

Sourcefire Inc. (Nasdaq: FIRE)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.