Cyber security is a process, not a destination to arrive at. Openness and transparency build trust. Good simple cyber security solutions are open and transparent. Cyber security is a complex field. Without digital security, your privacy is at risk. Keep it simple. Keep learning.
-
Python Security: What is SAST
The rapid growth and increasing complexity of Python-based web applications and systems have made robust security testing more important than ever. Cybercriminals are constantly evolving their tactics, looking for vulnerabilities they can exploit to steal data or disrupt operations. Static Application Security Testing (SAST) is a security methodology that analyzes an application’s source code…
-
Python Code Under Fire: Hidden Security Risks
Python’s popularity and accessibility make it an attractive target for malicious actors. Its widespread presence on developer and server machines means attackers often find it readily available for misuse. A key security risk is Python’s ability to easily execute arbitrary code provided as data, which is a common mechanism in various injection and remote code…
-
Google’s CodeMender: More Dangerous Than Helpful?
Recently I noticed an interesting new announcement from Google DeepMind called “Introducing CodeMender: an AI agent for code security”. Since I am into security, this article caught my attention. A growing trend in the security tooling space is the emergence of AI-powered code auditors — tools that don’t just find vulnerabilities, but claim to fix…
-
The End of Bandit: Meet Python Code Audit
The rapid growth and increasing complexity of Python-based web applications and systems have made robust security testing more important than ever. Cybercriminals are constantly evolving their tactics, looking for vulnerabilities they can exploit to steal data or disrupt operations. Traditional security testing for Python applications is still complex, time-consuming, and expensive.
-
Open Security News week 37-2025
A single tool, suite or framework to manage all aspects of security is in practice impossible. So many aspects require specialist tools and expertise that creating and maintaining such a tool is impossible. Also, the code base will be insecure by design, since security maintenance of large complex code bases is…
-
Code does not lie
Good measures for cyber security do not have to be technical. Following the defence-in-depth principle, it is recommended to have a mix of various technical and non-technical measures. A healthy distrust in security means never trusting software and hardware, and taking as many measures as needed to mitigate cyber risks to acceptable levels.
-
Open Security News week 33-2025
Python is one of the most used programming languages to date. Especially in the AI/ML ecosystem, most tools are based on Python programs. Large and small businesses use and trust Python to run their business. From a security perspective, Python is a safe choice. However, even when using Python the risk of security issues…
-
Avoid Python SAST scanners based on AI
What happened with blockchain technology is also happening with AI technology. Too many people believe that it is a solution for all hard and complex problems. I still love this flowchart that helps you to determine if blockchain is an appropriate technology for your use case. Spoiler: Blockchain is seldom a solution.
-
Stop using assert in your Python code
Too many Python programs use assert statements to check for conditions, even in widely used modules like Pydantic. Using assert can be problematic from a security perspective. The Python assert statement itself isn’t insecure, but its misuse can lead to vulnerabilities.
-
Is Pydantic as safe as it is popular?
If you want to keep complexity low and minimize security risks, you always need to decide whether using an external Python library is the right choice. Practising 0Complexity design principles is never easy. But when it comes to security and minimising dependencies, you should weigh the advantages and disadvantages of using any external Python library.…
-
Open Security News week 30-2025
Python is one of the most used programming languages to date. Especially in the AI/ML world and the cyber security world, most tools are based on Python programs. Large and small businesses use and trust Python to run their business. However, even when using Python the risk of security issues is never zero. Static…
-
Open Security News week 25-2025
Cyber security is complex. But effective cyber solutions do not need to be complex and very expensive. Simplifying your security landscape is not simple; it means rethinking your strategy and reprioritizing objectives. The perfect solution to reduce security risks to zero does not exist. But using and creating a security architecture helps with reducing and…
