We found that 24 Apache Struts Security Advisories incorrectly list impacted versions and that previously disclosed vulns affect an additional 61 versions.
Posted in News & Announcements, Open Source Security | Comments Off on Review of Apache Struts vulnerabilities yields 24 updated advisories
The use of Node.js is rising. But many organizations don’t know about the potential license and security risks that Node.js can pose for their applications.
Posted in Open Source Security, Web Application Security | Comments Off on The license and security risks of using Node.js
Learn how to adopt a cloud-native model for application security and how to mitigate legal risk by better understanding open source licensing obligations.
Posted in Cloud Security, Open Source Security, Webinars | Comments Off on [Webinars] Cloud security and open source licensing
Binary code analysis tools are essential when you don’t have access to a build environment or source code. Here are some use cases for scanning binary code.
Posted in Open Source Security | Comments Off on 3 use cases where source code scanning doesn’t cut it
Identifying open source in the target’s codebase is essential to M&A transactions involving software. Open source audits go far beyond what SCA can provide.
Posted in Mergers & Acquisitions, Open Source Security | Comments Off on Open source audits: The secret ingredient for successful M&A
Learn how different open source scans create different value for M&A transactions, and how binary analysis can help you secure your software supply chain.
Posted in Mergers & Acquisitions, Open Source Security, Webinars | Comments Off on [Webinars] Software supply chain and open source scans
A CISO having a bad day finds out the hard way that cutting corners on software security testing might end up costing him more than he saved.
Posted in Cloud Security, Interactive Application Security Testing (IAST), Maturity Model (BSIMM), Mobile Application Security, Open Source Security, Security Training, Software Architecture and Design, Software Composition Analysis | Comments Off on What happens when your CISO has one of those days?
Consider these three operational open source risk factors when using open source components: version currency, version proliferation, and project activity.
Posted in Mergers & Acquisitions, Open Source Security | Comments Off on Top 3 operational open source risk factors
How should you track open source? It’s almost definitely in your codebase, so the question is not whether to track it but what could happen if you don’t.
Posted in Open Source Security, Software Composition Analysis | Comments Off on You’re using open source software, and you need to keep track of it
Learn how to drive your software security initiative with metrics, and get practical advice for open source security with Red Hat, in our new webinars.
Posted in Maturity Model (BSIMM), Open Source Security, Webinars | Comments Off on [Webinars] Software security metrics and open source security