Google has launched a new development program targeting the Tsunami Security Scanner.
On September 28, Guoli Ma, Sebastian Lekies, and Claudio Criscione, members of Google’s vulnerability management team, said in a blog post that the new program is designed to improve Tsunami’s security detection capabilities.
The Tsunami Security Scanner, open sourced in July 2020, was originally an internal Google tool and has since been published and made available to the public.
The scanner is designed to check large-scale enterprise networks for open ports and then to cross-check vulnerability exposure based on the initial reconnaissance results. Plugins can be implemented by users to check for specific security flaws. Tsunami can also check for basic security issues including the use of weak enterprise credentials.
Google says that the new, experimental program will give researchers patch rewards for creating plugins and application fingerprints. The former requires contributors to develop plugins that can be used for enhanced vulnerability detection, whereas
Read the article