Software Integrity Blog

Archive for the 'Open Source Security' Category

[Webinars] Vulnerability reports, application security for DevOps and CI/CD

Learn how vulnerability reports can help you fix critical vulnerabilities effectively, and the essentials of application security for DevOps and CI/CD.

Posted in Agile, CI/CD & DevOps, Open Source Security, Software Composition Analysis (SCA), Software Security Program, Webinars

[Infographic] Key findings from the 2020 OSSRA report

Our 2020 OSSRA infographic shows key findings and open source trends from the Synopsys Open Source Security and Risk Analysis report. Download the free PDF.

Posted in Open Source Security

5 key takeaways from the 2020 Open Source Security and Risk Analysis report

Our analysis of 1,250+ codebases reveals trends in open source use, security, and license compliance that affect development, security, and legal teams.

Posted in Featured, Open Source Security

[Webinars] Open source security, remote security testing, secure development

Learn more about the 2020 OSSRA report, guidelines and solutions for remote security testing, and why all software development should be secure development.

Posted in Developer Enablement, Open Source Security, Software Security Program, Webinars

5 types of software licenses you need to understand

Different types of software licenses require you to meet certain obligations if you want to reuse the code. Here are 5 common types of software licenses.

Posted in Open Source Security

What is the Ghostcat vulnerability (CVE-2020-1938)?

Ghostcat (CVE-2020-1938) is an Apache Tomcat vulnerability that allows remote code execution in some circumstances. Here’s how to find and mitigate it.
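The "in some circumstances" matters: Ghostcat abuses the AJP connector (port 8009), which older Tomcat releases enabled by default on all interfaces with no authentication, to read files under a web application; it becomes remote code execution only when the attacker can also get a file of their own onto the server and have it treated as a JSP. Tomcat 9.0.31, 8.5.51 and 7.0.100 fixed it by binding AJP to loopback by default and requiring a shared secret. The script below is an added example, not code from the article: it statically audits a server.xml for exactly those settings. Both server.xml fragments are constructed samples, the first mirroring the pre-fix default AJP connector, the second the loopback-plus-secret configuration the fixed releases expect; the secret value is a placeholder.

```python
"""Static check of a Tomcat server.xml for the AJP connector settings that
Ghostcat (CVE-2020-1938) depends on. Added example code, not the article's own.
The two server.xml fragments are constructed samples."""
import xml.etree.ElementTree as ET
from typing import Dict, List

# Constructed sample: AJP enabled, bound to every interface, no shared secret
# (how pre-fix Tomcat releases shipped server.xml).
VULNERABLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Constructed sample: AJP bound to loopback and protected by a shared secret.
# The secret is a placeholder; use a long random value in practice.
HARDENED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector protocol="AJP/1.3" address="127.0.0.1" port="8009"
               redirectPort="8443" secretRequired="true"
               secret="replace-with-a-long-random-secret" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

LOOPBACK_ADDRESSES = {"127.0.0.1", "::1", "localhost"}

ISSUE_EXPOSED = "AJP connector reachable beyond loopback"
ISSUE_NO_SECRET = "AJP connector has no shared secret"
ISSUE_SECRET_DISABLED = "secretRequired explicitly set to false"


def audit_ajp_connectors(server_xml: str) -> List[Dict[str, object]]:
    """Return one finding per AJP connector with the weaknesses found.
    An empty issues list means loopback-only and secret-protected."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        # Matches the "AJP/1.3" alias and the explicit org.apache.coyote.ajp.* class names.
        if "ajp" not in protocol.lower():
            continue
        # Pre-fix releases bind every interface when address is unset, so an
        # absent address is treated as exposed; require an explicit loopback bind.
        address = conn.get("address", "0.0.0.0")
        secret = conn.get("secret", "")
        secret_required = conn.get("secretRequired", "true").lower()
        issues = []
        if address not in LOOPBACK_ADDRESSES:
            issues.append(ISSUE_EXPOSED)
        # Pre-fix releases enforce no secret at all, and fixed releases refuse to
        # start the connector when one is required but missing, so a missing
        # secret is a finding either way.
        if not secret:
            issues.append(ISSUE_NO_SECRET)
        if secret_required == "false":
            issues.append(ISSUE_SECRET_DISABLED)
        findings.append({"port": conn.get("port", ""), "address": address, "issues": issues})
    return findings


def ghostcat_exposed(server_xml: str) -> bool:
    """True when any AJP connector is weaker than loopback-only plus a shared secret."""
    return any(f["issues"] for f in audit_ajp_connectors(server_xml))


if __name__ == "__main__":
    for name, xml in (("vulnerable", VULNERABLE_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        for finding in audit_ajp_connectors(xml):
            print(name, finding["address"], finding["port"], finding["issues"] or "ok")
```

Run it against a real `conf/server.xml` by passing the file contents to `audit_ajp_connectors`. The check is deliberately strict about an unset `address`: a fixed release defaults it to loopback, but the config file alone does not tell you which release will load it, and a config that only works because of the newer default breaks silently on rollback. If nothing in front of Tomcat actually speaks AJP, the simplest mitigation is to delete the connector altogether.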

Posted in Application Security, Open Source Security

How to deal with legacy vulnerabilities

Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?

Posted in Application Security, Open Source Security

Open source software use grows in Germany, but compliance and risk management need improvement

A new report from Bitkom reveals that among companies that use open source, many aren’t sure of the best way to approach open source risk management.

Posted in Open Source Security

How do you effectively remediate the increasing sea of vulnerabilities?

With applications containing more and more open source, and 40+ vulnerabilities disclosed daily, how do you prioritize your remediation efforts?

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA)

How to Cyber Security: Software is manufacturing

Modern software is a bit like manufacturing: gluing open source components together using proprietary code and tracking everything with a bill of materials.

Posted in Open Source Security, Software Composition Analysis (SCA)