[mikestorrent]

Is there a tool out there that you can put software releases into and it will tell you how safe it is? I don't seem to be able to buy anything to do this. Crowdstrike and other modern antivirus may react to it once it's on a device, SAST / SCA tooling will help with CVEs, but there's nothing I can give my users where they can put in some piece of random software and get a reputation metric out the other side, is there?

[vladvasiliu]

> put in some piece of random software and get a reputation metric out the other side

Well, the enterprise version of ms defender will not only react to it if it does something "weird", but will specifically look at its "reputation" before it runs at all.

However, as another commenter pointed out, this generates a ton of false positives. Basically everything that's "brand new" is liable to trigger it. Think your freshly compiled hellow_world.exe. So, all in all, people may no longer pay attention to it and just click through all warnings.

[tranceylc]

Worked on a minecraft clone on steam that would falsely get flagged by defender as a “bitcoin miner” for YEARS.

[DarkUranium]

Well, they got one half of that label right...

[JohnTHaller]

I run software downloads through VirusTotal before installing or using. And I scan all releases I make on PortableApps.com through it as well. (Except those that are bigger than the max size in which case those get scanned with Defender, ClamAV, and at least one commercial Windows antivirus.)

[__natty__]

Not exactly for software (although there is such section) but I use end of life [0] website. Besides time when certain software will be outdated it also tells you their release time.

[0] https://endoflife.date/

[Foobar8568]

Beside Virus Total, I am unsure https://www.virustotal.com/

[mikestorrent]

Thanks, that's helpful

[seanw444]

You could put it into an LLM, since that's what we do for everything else nowadays.