Open Attack Surface Management – Oasm.dev

1•l1ttps•2w ago

Open-source platform for cybersecurity Attack Surface Management. Built to help security teams identify, monitor, and manage external assets and potential security exposures across their digital infrastructure.

https://github.com/oasm-platform/open-asm

Comments

csp_dev•2w ago

Congrats on the launch. Open-source ASM is desperately needed.

Looking at this, I'm thinking about the evolution of the external attack surface. It's not just about finding assets anymore, but understanding their security posture in depth with minimal intrusion.

This connects to work I'm doing on "zero-knowledge" security protocols. Imagine your platform discovers a web app, and a next-generation, privacy-aware scanner could then check for credential exposure (using a protocol that doesn't expose the creds) or misconfigurations without collecting sensitive payloads.

A technical question/thought: For asset discovery and fingerprinting at scale, how do you handle the privacy/data minimization aspect? For instance, when your scanner encounters a login page, is there a consideration for what signals are collected and stored? As we build more autonomous security scanners (and later, AI agents), baking in privacy-by-design from the start seems critical.

Tools like Open-ASM that map the territory will be the foundation for a new wave of respectful, efficient security testing. Excited to see this.

l1ttps•2w ago

In practice, we aim to identify as many real risks as possible across the external attack surface, since expanding visibility is what most improves an administrator’s understanding of their system. From our perspective, broad and accurate risk discovery is a prerequisite for effective security management, and it should be balanced with intentional choices around how deeply we inspect and what data we persist.

csp_dev•2w ago

Fully agree that broad, accurate discovery is the crucial first step. My point is about how we achieve the depth. The goal is deeper inspection through privacy-aware protocols like a scanner proving a login page is vulnerable without ever seeing credentials—so administrators get comprehensive risk understanding without the data liability.

Agents need good developer experience too

The Dark Factory

Free data transfer out to internet when moving out of AWS (2024)

Interop 2025: A Year of Convergence

Prejudice Against Leprosy

Slint: Cross Platform UI Library

AI and Education: Generative AI and the Future of Critical Thinking

Maple Mono: Smooth your coding flow

Moltbook isn't real but it can still hurt you

Take Back the Em Dash–and Your Voice

Show HN: 289x speedup over MLP using Spectral Graphs

Teaching Mathematics

3D Printed Microfluidic Multiplexing [video]

Abstractions Are in the Eye of the Beholder

Show HN: Routed Attention – 75-99% savings by routing between O(N) and O(N²)

We didn't ask for this internet – Ezra Klein show [video]

The Real AI Talent War Is for Plumbers and Electricians

Show HN: MimiClaw, OpenClaw(Clawdbot)on $5 Chips

I Maintain My Blog in the Age of Agents

The Fall of the Nerds

I'm 15 and built a free tool for reading Greek/Latin texts. Would love feedback

How close is AI to taking my job?

You are the reason I am not reviewing this PR

Show HN: FamilyMemories.video – Turn static old photos into 5s AI videos

How Meta Made Linux a Planet-Scale Load Balancer

A Turing Test for AI Coding

How to Identify and Eliminate Unused AWS Resources

A2CDVI – HDMI output from from the Apple IIc's digital video output connector

CLI for Common Playwright Actions

Would you use an e-commerce platform that shares transaction fees with users?