Open Attack Surface Management – Oasm.dev

1•l1ttps•2w ago

Open-source platform for cybersecurity Attack Surface Management. Built to help security teams identify, monitor, and manage external assets and potential security exposures across their digital infrastructure.

https://github.com/oasm-platform/open-asm

Comments

csp_dev•2w ago

Congrats on the launch. Open-source ASM is desperately needed.

Looking at this, I'm thinking about the evolution of the external attack surface. It's not just about finding assets anymore, but understanding their security posture in depth with minimal intrusion.

This connects to work I'm doing on "zero-knowledge" security protocols. Imagine your platform discovers a web app, and a next-generation, privacy-aware scanner could then check for credential exposure (using a protocol that doesn't expose the creds) or misconfigurations without collecting sensitive payloads.

A technical question/thought: For asset discovery and fingerprinting at scale, how do you handle the privacy/data minimization aspect? For instance, when your scanner encounters a login page, is there a consideration for what signals are collected and stored? As we build more autonomous security scanners (and later, AI agents), baking in privacy-by-design from the start seems critical.

Tools like Open-ASM that map the territory will be the foundation for a new wave of respectful, efficient security testing. Excited to see this.

l1ttps•2w ago

In practice, we aim to identify as many real risks as possible across the external attack surface, since expanding visibility is what most improves an administrator’s understanding of their system. From our perspective, broad and accurate risk discovery is a prerequisite for effective security management, and it should be balanced with intentional choices around how deeply we inspect and what data we persist.

csp_dev•2w ago

Fully agree that broad, accurate discovery is the crucial first step. My point is about how we achieve the depth. The goal is deeper inspection through privacy-aware protocols like a scanner proving a login page is vulnerable without ever seeing credentials—so administrators get comprehensive risk understanding without the data liability.

Neomacs: GPU-accelerated Emacs with inline video, WebKit, and terminal via wgpu

Show HN: Moli P2P – An ephemeral, serverless image gallery (Rust and WebRTC)

How I grow my X presence?

What's the cost of the most expensive Super Bowl ad slot?

What if you just did a startup instead?

Hacking up your own shell completion (2020)

Show HN: Gorse 0.5 – Open-source recommender system with visual workflow editor

GLM-OCR: Accurate × Fast × Comprehensive

Local Agent Bench: Test 11 small LLMs on tool-calling judgment, on CPU, no GPU

Show HN: AboutMyProject – A public log for developer proof-of-work

Expertise, AI and Work of Future [video]

So Long to Cheap Books You Could Fit in Your Pocket

PID Controller

SpaceX Rocket Generates 100GW of Power, or 20% of US Electricity

Kubernetes MCP Server

I Built a Movie Recommendation Agent to Solve Movie Nights with My Wife

What were the first animals? The fierce sponge–jelly battle that just won't end

Sidestepping Evaluation Awareness and Anticipating Misalignment

OldMapsOnline

What It's Like to Be a Worm

Don't go to physics grad school and other cautionary tales

Lawyer sets new standard for abuse of AI; judge tosses case

AI anxiety batters software execs, costing them combined $62B: report

Bogus Pipeline

Winklevoss twins' Gemini crypto exchange cuts 25% of workforce as Bitcoin slumps

How AI Is Reshaping Human Reasoning and the Rise of Cognitive Surrender

Cycling in France

Ask HN: What breaks in cross-border healthcare coordination?

Show HN: Simple – a bytecode VM and language stack I built with AI

Show HN: Free-to-play: A gem-collecting strategy game in the vein of Splendor