2025-10-22 –, Europe
Discover how we hacked YARA and built rules to effectively detect open source software sources and binaries as if it were malware, using rules that you can generate on demand for fun and profit, and integrate software composition analysis with malware hunting!
Former Microsoft CEO Steve Ballmer once said that Linux and open source was a cancer. But "developers, developers, developers !!!" know that Linux and open source are not a cancer, but a virus because you can use virus scanning techniques and tools to discover (vulnerable) open source software :)
We hacked YARA to build rules and more effectively detect open source software sources and binaries as if it were malware, generating rules on demand for fun and profit, and integrate software composition analysis with malware hunting!
I am a passionate FOSS hacker; lead maintainer of ScanCode, PurlDB and VulnerableCode; and on a mission to enable easier and safer to reuse of FOSS code with best-in-class open source Software Composition Analysis (SCA) tools for open source discovery and license and security compliance at https://aboutcode.org . I am also a co-founder of SPDX and the creator of Package-URL (PURL), a de-facto standard to identify packages in SBOMs, along with SCA tools and a vulnerability database used throughout the industry.