Blog

Releasing RepoMetaScore (repository metadata scoring): a dependency checking tool that analyzes metadata of open-source project, including commit history and contributors’ background. RepoMetaScore calculates risk rating, makes supply chain risks visible and prevents weaponizing OSS.

Cossack Labs stands with Ukraine and offers free security assessment and engineering services for Ukrainian companies to improve country protection and resilience.

How to select a secure React Native library for your app. Sort out improper platform usage, easy to misuse API, deprecated and abandoned libraries – check our research of the React Native ecosystem security.

All developers need to know about using OCSP and CRL for validating TLS certificates in Go apps. Things we’ve learnt while building our own OCSP/CRL validation tooling: design, implementation and security tips, example code and popular mistakes.

Read about building secure crypto wallets and issues we found when doing crypto wallet security audits. Hot non-custodial wallets store private keys, sign crypto transactions, and claim to be secure. But are they?

We are pleased to announce the Acra Community Edition 0.90.0 release, which makes a broad set of security features, including database encryption, searchable encryption, and encryption-as-a-service API available for any developer.

Understanding cloud security # In this article, we observe security responsibility of cloud providers: where it ends, what are the gaps and grey areas, and what risks security teams should take into account when using “as a service” platforms. So, you’re planning your new business in an area where security matters, and you start thinking about choosing your cloud provider to build your application on. Typically, you start juggling with a combination of all the nice building blocks you need and financial aspects you’re facing.

React Native security: What developers and team leads need to know. Handle risks and threats, prevent typical security mistakes, follow best engineering practices — learn from our experience.

Logs, audit logs, and security events are must-have components of a secure system, which help to monitor ongoing behaviour and provide forensic evidence in case of an incident. Let’s cut through complexity. In this article, we cover cryptographically signed audit logging, aka “secure logging”, when logs are generated in a certain way which prevents tampering messages, removing, adding or changing the order of log entries. We explain why signed logs are essential for security software, how we’ve built-in secure audit logging in Acra, and how to use it together with other defense in-depth layers in your systems.

New Themis Release: 0.13.0 # Today, the Cossack Labs team is proud to announce Themis 0.13.0 release. Themis is a high-level “boring” cryptographic library that gives developers easy-to-use hard-to-misuse blocks to solve 90% of typical crypto use cases for web and mobile apps. New update makes storage encryption easier to use and introduces Kotlin for Android support (which becomes the 14th officially supported language). You can find latest source code in the GitHub repository.