The OpenSSL project team will release a new version of the OpenSSL library (version 3.0.7) on Tuesday to address a critical vulnerability in version 3.0 to 3.6 of the widely used open source, command-line toolkit [184 words].
Five useful tools and lists for keeping on top of the OpenSSL vulnerability to be disclosed Nov 1.
- Free Python Scripts from Lightspin for identifying resources with OpenSSL installed in them directly or as an upstream dependency.
- National Cyber Security Center-Netherlands (NCSC-NL) list of software affected and unaffected by the vulnerability. Listed software is paired with specific information regarding which version contains the security fixes and which software still requires fixes.
- Is your Linux distro vulnerable? Check this SANS Internet Storm Center list of OpenSSL versions in different Linux operating systems.
- Rapticore freemium tool for inventorying cloud environments and code repositories for all public-facing instances so organizations can prioritize remediation efforts
- Generate an inventory of container images that contain OpenSSL using Sysdig Secure. Useful for prioritizing responses and remediation and for executive reporting purposes
