Q1 Safety & Security Report

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/redditsecurity

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarLint - Clean code begins in your IDE with SonarLint
  • SaaSHub - Software Alternatives and Reviews
  • log4j_checker_beta

    a fast check, if your server could be vulnerable to CVE-2021-44228

    Coordinating an effective response was challenging for most if not all of the organizations affected, and at Reddit we saw firsthand how amazing people will come together in a situation. Internally, we needed to work together across teams quickly, but this was also an internet-wide situation, so while we were working on things here, we were also seeing how the ecosystem itself was mobilized. For example, we were able to swiftly scale up our response by scouring public forums where others were dealing with these same issues, devoting personnel to understanding and implementing those learnings, and using ad-hoc scanning tools (e.g. a fleet-wide Ansible playbook execution of an rubo77's log4j checker and Anchore’s tool Syft) to ensure our reports were accurate. Thanks to our quick responders and collaboration with our colleagues across the industry, we were able to address the vulnerability while it was still just a bug to be patched, before it turned into something worse. It was inspiring to see how defenders connected with each other on Reddit (oh yeah, plenty of memes and threads were generated) and elsewhere on the internet, and we learned a lot both about how we might tune up our security capabilities & response processes, but also about how we might leverage community and connections to improve security across the industry. In addition, we continue to grow our internal community of folks protecting Reddit (btw, we’re hiring!) to scale up to meet the next challenge that comes our way.

  • syft

    CLI tool and library for generating a Software Bill of Materials from container images and filesystems

    Coordinating an effective response was challenging for most if not all of the organizations affected, and at Reddit we saw firsthand how amazing people will come together in a situation. Internally, we needed to work together across teams quickly, but this was also an internet-wide situation, so while we were working on things here, we were also seeing how the ecosystem itself was mobilized. For example, we were able to swiftly scale up our response by scouring public forums where others were dealing with these same issues, devoting personnel to understanding and implementing those learnings, and using ad-hoc scanning tools (e.g. a fleet-wide Ansible playbook execution of an rubo77's log4j checker and Anchore’s tool Syft) to ensure our reports were accurate. Thanks to our quick responders and collaboration with our colleagues across the industry, we were able to address the vulnerability while it was still just a bug to be patched, before it turned into something worse. It was inspiring to see how defenders connected with each other on Reddit (oh yeah, plenty of memes and threads were generated) and elsewhere on the internet, and we learned a lot both about how we might tune up our security capabilities & response processes, but also about how we might leverage community and connections to improve security across the industry. In addition, we continue to grow our internal community of folks protecting Reddit (btw, we’re hiring!) to scale up to meet the next challenge that comes our way.

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts