Software Integrity

Archive for the 'Open Source Security' Category


Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow

The risk of open source and third-party code In today’s fast-paced world with rapid technological advancements, few people need any introduction to the dangers of security vulnerabilities lurking in open source and third-party code. Open source software has come a long way from being a techno-hippie dream in the late ’80s. Today, it exists nearly […]

Posted in Application Security, Open Source Security, Software Quality, Static Analysis (SAST), Vendor Risk Management

Open source vulnerabilities: Are you prepared to run the race?

Originally posted on SecurityWeek.  After going through 24 seasons of cross-country, winter track, and spring track with my boys, I fully understand that if you put your toe on the line, you had better be prepared to race, or bad things happen. As the use of open source continues to rise, many organizations are putting […]

Posted in Data Breach, Open Source Security, Software Composition Analysis

Synopsys strengthens Software Integrity Platform with Black Duck acquisition

Today, Synopsys completed the acquisition of Black Duck Software, a well-respected, established leader in Software Composition Analysis (SCA), which helps organizations identify open source components in their software and check those components for known security vulnerabilities. The two companies are strategically aligned, with a shared vision of building security and quality into the software development […]

Posted in Application Security, Open Source Security

Examining open source security and the road ahead in the 2017 Coverity Scan Report

Coverity Scan’s impact on open source software (OSS) is both extensive and largely unacknowledged. Since its inception, Scan has enabled developers to fix over 600,000 defects across some of the most important projects in open source. As part of that effort, it has also helped improve the maturity of the software development practices of active […]

Posted in Application Security, Open Source Security, Static Analysis (SAST)

Eliminate cyber supply chain security vulnerabilities at the point of introduction

Nordic IT Security is the key meeting place for the brave new world of IT security. On November 7, 2017, at the upcoming premier security conference, Synopsys’ Michael White presents an actionable and inspiring talk on how to enhance security measures throughout the software development life cycle (SDLC). What to expect at the Nordic IT […]

Posted in Application Security, Open Source Security

Did an Apache Struts vulnerability trigger the Equifax hack?

In recent days, more details concerning the Equifax breach have come to light. There’s now speculation that attackers exploited a vulnerability in Apache Struts to steal data. There has also been plenty of speculation regarding the exact vulnerability that may have been exploited. The Apache Struts theory The Apache Struts Program Management Committee released a […]

Posted in Data Breach, Open Source Security

Synopsys finds 3 Linux kernel vulnerabilities

At Synopsys, our R&D teams routinely organize internal hackathons to verify the Synopsys Software Integrity Portfolio’s performance in real-world environments. During one hackathon, focused on open source software, Tuomas Haanpää, from the Synopsys Fuzz Testing (Defensics) R&D group, ran our NFSv3 test suite against the Linux kernel and found several interesting errors. Initial analysis found that anomalized […]

Posted in Application Security, Fuzz Testing, Open Source Security

What does the recent NPM malware mean for the future of open source trust?

Co-authored by Amit Sethi and Arthur Hinds Earlier this month, the open source community went into high alert. The problem’s epicenter was the Node Package Manager (NPM) which affected what is currently believed to be 40 packages. Typosquatting Specifically, someone performed a ‘typosquatting’ attack against packages distributed via the NPM. First, the attacker downloaded popular […]

Posted in JavaScript Security, Open Source Security

How to use FOSS management systems to manage FOSS components

In modern software development, the importance of using free and open source software (FOSS) components to build software products and systems isn’t debatable. Using FOSS components for commonly available functionalities such as logging (e.g., Log4j), text search (e.g., Apache Lucene), and secure communication (e.g., OpenSSL) has become an important factor to speed product time-to-market (TTM). […]

Posted in Open Source Security

Webinar: Do you know what’s in your software?

Much of today’s software is created using third-party code, and why not? After all, it’s quicker and more cost effective than building it from scratch. Using third-party software, however, comes with its own challenges. The recent State of Software Composition Analysis 2017 report explores these challenges. The report is based on the analysis of 128,782 software […]

Posted in Open Source Security, Software Composition Analysis