An internal vulnerability scanner can now detect vulnerabilities and report them to your local police or government for immediate action, a vulnerability scanner developer at the Linux Foundation said on Thursday.
The vulnerability scanner, which was launched last week, is designed to help police and other security agencies identify and mitigate critical security vulnerabilities that could allow attackers to compromise a laptop.
“It’s like a bug bounty,” the developer, Nirav Gokhale, said.
“You get paid if you find an exploit, and the more you find, the higher your reward.
If you find a vulnerability, you can reward people who fix it.”
A security researcher named Nirav Gurmeet Ramachandran, who first published the vulnerability scanner at Red Hat in January, said that while the software works on the most popular Linux distros, the software is still very new.
“I started using the software for the first time this week, and it’s been working well so far,” Ramachasran said in an email to The Hindu.
In his research, Ramachan found that the vulnerability scanners only detected a few dozen vulnerabilities and that many of them are critical, such as CVE-2017-4240, CVE-2018-0106, CVE.2018-0208, CVE, CVE-, CVE-2019-0130, CVE., CVE-2020-0047, CVE.-2021-0037, CVE-.2020-0124, CVE .2020-0411, CVE , CVE-.2022-0045, CVE+, CVE-.2322-0119, CVE+.2019-0023, CVE+2019-0010, CVE#2017-0330, and CVE#2019-0430.
It also detected some flaws that are critical to the use of Linux.
For instance, Ramakrishna Chatterjee found that CVE-2015-2448, CVE2018-0010, CVE2017-0058, CVE2015-2521, CVE2029, CVE2020-0205, CVE2019-00003, CVE1902-3141, CVE2016-5011, CVE1703-0223, CVE2212-2361, CVE3021-2344, CVE3214-2365, CVE3520-2376, CVE4036-2380, CVE4321-2306, CVE4520-3026, CVE4900-4010, CVE5216-4011, and other flaws.
Gokhales team has identified a number of vulnerabilities that are of critical importance to users, but the most notable vulnerability is CVE-2016-0552.
This is the same vulnerability that affected Linux Mint and Debian.
“We’ve found some vulnerabilities in other Linux distruses that could potentially allow an attacker to compromise your laptop, and we’re also looking into ways to help detect and mitigate these vulnerabilities,” Ramakshasran added.
“We’ve identified the CVE-2010-5228, CVE2008-2121, CVE2010-6281, CVE2014-0075, CVE2013-0108, CVE2012-0107, CVE2009-0110, and many more.”
Ramachasrandran’s team has also developed a tool to help researchers report vulnerabilities.
Linux Foundation spokesperson, Nair Kumar, said, “The Linux Foundation has been working on the vulnerability scanning tool, called OpenCV, since early this year and we are very proud to announce its launch today.”
Ramakshhasran said that OpenCV will be available on the platform in a beta version later this year.