Electron-which is used in popular applications such as Skype, Signal, Wire, Discord, and GitHub’s text editor Atom-provides an easy-to-use cross-platform framework for developers, though is often criticized for performance bloat and security issues, as Electron is functionally a purpose-built, stripped-down browser. Tenable’s discovery of a vulnerability in Slack echoes back to a similar vulnerability from 2018 in Electron’s handling of custom URIs. But as a company, we’ve reached a size where we can actually influence them much more than we could five years ago.” On the wisdom of building applications in Electron “For some of them it works really well, for others it’s more like business as usual.
Last week, we released something about Slack… we’re building a fairly good relationship with a lot of these vendors and we try to be a wake-up call on how to improve security practices,” Deraison said. We found a flaw in Zoom conferencing software. “We found vulnerabilities in CCTV cameras. SEE: Vendor risk management: A guide for IT leaders (free PDF) (TechRepublic)ĭeraison also noted Tenable’s insight into what applications and tools are practically in use in the enterprise, prompting a dedicated task force of full-time researchers studying these, to look for vulnerabilities. “Something which honestly I did not realize until we started to do that exercise was that a lot of people actually got started in security, or had their careers impacted, by the use of Nessus,” adding that the motivation for creating Nessus Essentials was a desire to “expand the notion of teaching the basics of security through a tool.” “Last year, we celebrated 20 years of Nessus, and as part of that, we talked to other professionals,” Nessus creator and Tenable CTO Renaud Deraison told TechRepublic. Nessus Essentials permits users to scan up to 16 IPs on home or work networks, Tenable touts it as having “more than 100,000 plugins, coverage for more than 45,000 CVE and over 100 new plugins released weekly within 24 hours of vulnerability disclosure.”
Cybersecurity firm Tenable is making its vulnerability assessment tool Nessus more widely available with the free Nessus Essentials version, introduced earlier this month, which replaces the previous non-commercial-use Nessus Home version.