Open source security tools list (github.com/penetrum-security)
95 points by Dutchie2020 on Nov 17, 2020 | hide | past | favorite | 23 comments



A lot of these "awesome" lists are maybe reasonably OK on first-publish, but ultimately become useless due to:

1. Lack of curation (focus on including everything rather than being opinionated)

2. Lack of updates (tools get out of date fast, especially in long lists that try and include everything).

However, THIS list is different. This list is BAD on first publish. Most of the categories are not even remotely security related ("Project Management") or at least not explicitly so ("Supply Chain Management" / "Docker UI" / "Configuration Management"). Yeah sure, some of the latter will be useful for blue teams, but no one on any blue team is going to be searching for those tools under the keyword "security".

Beyond the above, things get worse: the formatting is hopeless, many of the tools are not open-source at all, and while including a lot of irrelevant non-security-related stuff, it omits many obvious well-known security tools.

Flagged for marketing this as "Open source"


Flagging seems a bit excessive. I have no affiliation with penetrum. Just thought the collection as a whole was interesting. Of course it's not a perfect list, as it seems to be a one-time post.


I wouldn't go as far as flagging typically for low-quality content. However labelling something as "open source" when it is in fact not "open source" goes further.


I find such lists nigh unto useless. I don't have time to evaluate each project to see which one is the right fit for my needs.

We'd be better off if people did a deep dive analysis of just one of those categories.

I suspect that whoever constructs these types of lists does NOT have experience with each project, and thus there's bound to be plenty of projects that don't deserve to be on the list because they're just not ready for production usage.


Correct. Also, I've viewed many so-called 'awesome' lists that have out-of-date, abandoned, discredited links. Copy-pasted?

By all means take a look, but use some perspicacity.


I think people find it neat to have an 'awesome list', and then they find out how much work it is to update it at least once a year.

Second idea: they put it on GH and expect that the "community" will post pull requests to their list, doing the work. Maybe not in an 'evil' way, but they think the idea is neat and that others will also find it cool.

I found this out when I was setting up a website for a local hobby club. I started the initial web page, posted a couple of articles and wanted others to pick up and participate. After 3 months of the initial "oh, that is so cool, we have a website", no one ever cared besides me. I operated the website for 2 more years and then moved on with life to other hobbies.


Most of the time I think this is just a "contribution barrier" that has to be made as easy as possible.

With your local website example, did the people know how to contribute to it? Would they be able to do the full flow of writing -> gathering feedback -> publishing the article without you? Did they know what articles you wanted written? Same goes for the random "awesome lists" people are building. If it's not clear what's missing and what should be added, people really don't know where to get started, so the contributions will be very small.

I'm currently working on a project where we want to get designers to contribute to open source design. I expected it to be very hard to find any designer who would understand and wanted to contribute, as that's what I found before on other open source projects I've done.

But this time I focused on making it really easy for them to contribute, and lo and behold, just one week after soft-launching, we already have 2-3 designers onboard who contribute their time to help out with our open source design.


Most "awesome lists" are just there for farming GitHub stars. There are people who think those will get them ahead in applications or salary negotiations.

This also means that after the initial inrush, long-term care is inefficient (star-wise) and the purpose is maybe already fulfilled anyways.


The worst thing about "awesome" lists is that they're not searchable and as you say, they tend to have out of date links.


This looks more like the stack for that company.

If only it were at least a list of tools they find amazing or that solve some problem in a great way.

But it is just everything: trello, dnsmasq, openvas and the kitchen sink.


  strg+f Wireguard: 0/0
I guess maintaining recommendation lists is hard.


Yeah, I saw. Also, Wazuh (as "WAZUH") is mentioned as SIEM right under OSSEC (which it forked) but then it isn't mentioned under HIDS whereas OSSEC is. I don't see Ghidra or Kali mentioned either.


I try to do something similar with Threat Intel / OSINT tooling at http://www.threat-intel.xyz. The list gets regularly updated and curated by hand.


This is great. Producing lists like this that are good & useful is not easy: what you've done by focusing on threat intel (instead of broad/generic "security" heading) seems a very good approach.


Really wasn't expecting so much feedback on this list; I just found it while looking for some SIEM solution and thought it was interesting. Your site looks way better, though! Maybe the admins can change the URL?


This has the lowest signal-to-noise ratio of any of these lists I've seen so far. That entire project management section should go. The entire section on configuration management should go. There are probably some good tools here, but I'm not going to click on each and every one just in case it's something more interesting than Trello.


Yesterday I needed a regex fuzzer but couldn't find any (except some Windows SDL, whatever that means; I'm not developing on Windows). In the end I just created a very limited whitelist of input characters allowed and didn't use a "security tool".


You can use grammarinator or any of the myriad other grammar fuzzers, BUT I'd start with radamsa and its string-related flags. Radamsa is _awesome_: you run it on an input and you get mutated output. Works both for binary files and text files (such as grammars).
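The two comments above (a regex validator replaced by a character whitelist, and radamsa-style mutation of seed inputs) fit together as a differential fuzz loop. The block below is an added example written for this page; it is not code from the linked list, from radamsa or from either commenter. It implements a handful of radamsa-like mutators in plain Python (no radamsa binary needed) and runs the mutated inputs through both a regex validator and a whitelist validator for a constructed "username" field, reporting every input on which the two disagree. The regex, the allowed-character set, the seed strings and the `INTERESTING` characters are all assumptions made up for the example.

```python
"""Differential mutation fuzzing of a regex validator against a whitelist.

Added example for this discussion; not code from the linked list, from
radamsa, or from the commenters. All targets and seeds are constructed.
"""
import random
import re

# --- Targets under test (constructed for this example) --------------------
# Both validators are intended to accept exactly 1..32 word characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")
ALLOWED = frozenset(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_"
)


def regex_accepts(s: str) -> bool:
    """Regex-based validator, written the way it is commonly (mis)written."""
    return USERNAME_RE.match(s) is not None


def whitelist_accepts(s: str) -> bool:
    """Whitelist validator of the kind the comment above describes."""
    return 0 < len(s) <= 32 and all(c in ALLOWED for c in s)


# --- radamsa-style mutators -----------------------------------------------
# Characters that often expose validator edge cases (assumed list).
INTERESTING = ["\n", "\r", "\t", "\x00", " ", "\u212a"]  # U+212A folds to "k"


def mutate(s: str, rng: random.Random) -> str:
    """Apply one random mutation: bit flip, insert, delete, repeat or append."""
    choice = rng.randrange(5)
    if choice == 0 and s:  # flip one low bit of one character
        i = rng.randrange(len(s))
        c = chr(ord(s[i]) ^ (1 << rng.randrange(7)))
        return s[:i] + c + s[i + 1:]
    if choice == 1:  # insert an interesting character at a random position
        i = rng.randrange(len(s) + 1)
        return s[:i] + rng.choice(INTERESTING) + s[i:]
    if choice == 2 and s:  # delete a slice
        i = rng.randrange(len(s))
        j = rng.randrange(i, len(s) + 1)
        return s[:i] + s[j:]
    if choice == 3 and s:  # repeat a slice (length and backtracking pressure)
        i = rng.randrange(len(s))
        j = rng.randrange(i, len(s) + 1)
        return s[:j] + s[i:j] * rng.randrange(1, 8) + s[j:]
    return s + rng.choice(INTERESTING)  # append an interesting character


def fuzz_differential(seeds, iterations=3000, rng_seed=1):
    """Mutate seeds and return every input on which the two validators disagree.

    Inputs that both validators accept are fed back into the corpus, so the
    fuzzer keeps exploring around valid data rather than only around the seeds.
    """
    rng = random.Random(rng_seed)
    corpus = list(seeds)
    seen = set(corpus)
    findings = []
    for _ in range(iterations):
        candidate = rng.choice(corpus)
        for _ in range(rng.randrange(1, 4)):  # stack 1-3 mutations, as radamsa does
            candidate = mutate(candidate, rng)
        if candidate in seen:
            continue
        seen.add(candidate)
        by_regex, by_whitelist = regex_accepts(candidate), whitelist_accepts(candidate)
        if by_regex != by_whitelist:
            findings.append(candidate)
        elif by_regex and len(corpus) < 500:
            corpus.append(candidate)
    return findings


if __name__ == "__main__":
    for hit in fuzz_differential(["alice", "bob_99", "A"])[:5]:
        print(repr(hit), "regex:", regex_accepts(hit), "whitelist:", whitelist_accepts(hit))
```

Every disagreement this loop finds ends in a newline: in Python's `re`, `$` also matches just before a trailing `"\n"`, so `^[A-Za-z0-9_]{1,32}$` accepts `"alice\n"` while the whitelist rejects it. Anchoring with `\Z` or using `re.fullmatch` closes that gap; the same class of anchor bug exists in other engines, which is why a whitelist is often the safer choice for short fields. With real radamsa the mutation step would instead be a pipe through the `radamsa` binary, and the rest of the loop stays the same.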


> open source

First tool: Trello

Hmm okay


Cool list! Gives general ideas on what to take into account when dealing with security


Curious to see the pfSense firewall appliance OS filed under "Anti-Virus"


That’s one badly formatted list.


I thought so too. I was hoping to be able to click a url.





