Read about application security, DevSecOps, license compliance, and software supply chain security.
The COVID-19 pandemic forced many organizations to shift to a remote workforce almost overnight, most of which were not prepared for the sudden change. In their efforts to ensure their employees could remain productive, a number of organizations relaxed their security policies and unwittingly exposed their networks to compromise. As the pandemic continues, security challenges...
API security is an essential part of application security in a digitally transformed world.
The Main Application Security Technologies to Adopt in 2021
what motivates white hat hackers to take the time to prod and probe our software, looking for bugs?
How to set up and implement an open source strategy that will ensure open source security and compliance.
What are CVEs and how are they published? What kind of information do CVEs offer about security vulnerabilities in publicly released software?
The top security conferences to visit in 2021, virtually or in-person.
To help you stay on top of your open source security, here is our list of top 10 open source security vulnerabilities in 2020.
What is application security testing orchestration and why it is crucial in helping organizations make sure all potential risks are tracked and addressed.
As a technology, containers have done much to advance software development. However, it’s not without its issues, particularly in regards to security. Container security challenges have delayed or halted deployments, impeding organizations’ process in their quest to produce better quality software, faster. In this webinar, we discuss the current state of container security and what...
The benefits of DevSecOps make a compelling case for its adoption. However, for many enterprise organizations, progressing from adoption to scale continues to be a challenge – which in turn, impacts their chances of success. So how can you implement DevSecOps to date and ensure a visible and continuous delivery pipeline for software releases without...
The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production. Shiri Ivtsan, Director of Product...
Apache Struts vulnerabilities are causing users to consider migrating to competing frameworks. We list the reasons to stay or go.
Merge Confidence identifies and flags undeclared breaking releases based on analysis of test & release adoption data.
DevSecOps requires processes and tools that enable weaving security throughout the DevOps pipeline. It is much more than a buzzword, and if you’d ask most organizations, well – they believe they are in the process of adopting DevSecOps tools and practices. But – are they? In order to deeply understand the state of DevSecOps implementation...
Explore the changes in CVSS v3.1 vs. CVSS 3.0 and understand their importance. Learn how to use CVSS 3.1
Learn all about white box testing: how it’s done, its techniques, types, and tools, its advantages and disadvantages, and more.
BSD Licenses are a family of permissive free software. Due to their permissive nature, they have very relaxed conditions, but does that mean there's no limitation at all?
Top tips for getting started with Mend Composition Analysis to ensure your implementation is successful.
Learn all about the history of open source copyleft licenses, what they mean, and when to use them.
How prioritization can help development and security teams minimize security debt and fix the most important security issues first.
As the microservices development environment becomes more and more popular in cloud-based companies, the CI/CD volume is getting bigger and bigger and is changing the way organizations such as LivePerson can integrate DevSecOps tools into their CI/CD processes. Join Nir Koren, DevOps CI/CD Team Lead at LivePerson, as he discusses: -Why it is crucial to...
We have compiled a list of your top 10 questions about the Common Development and Distribution License.
All about Eclipse SW360 - an application that helps manage the bill of materials — and its main features.
Why you shouldn't track open source components usage manually and what is the correct way to do it.
What are the different types of black box testing, how is it different from while box testing, and how can black box testing help you boost security?
Application security should be a critical part of the DevOps process, as these days even the smallest vulnerability can wreak major havoc should they lead to failures or data breaches. As a result, however, application security and vulnerability scanning tools abound for every step of the software development life cycle, which means more tools to...
Software Composition Analysis software helps manage your open source components. Here are 7 questions you should ask before buying an SCA solution.
There are a lot of myths in application security. By partnering with developers, Target has busted several common security myths and proved that an effective security program can take a different approach. This session will describe how to successfully implement a “credit score” to security measurement practices, build an exclusive security champions program, and stop...
The top code review tools that will help you detect and remediate code defects and errors before production, when they are easy & less expensive to address.
NVD is the main source of open source vulnerabilities, but to cover yourself you need to know all main vulnerability databases.
How to make sure you have a solid patch management policy in place, check all of the boxes in the process, and use the right tools.
We’ve compiled a list of top 10 questions & answers about the Microsoft Public License.
Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach...
The application security testing market is split into security scanning tools and runtime protection tools. In this article we define & compare all options.
The known open source core model had many challenges which led several companies to try and find a better licensing model. Join Matt Asay, Head of Open Source Strategy and Marketing at AWS, as he discusses innovative companies like Cloudera, Redis Labs, MongoDB and RackN, and their solutions to problems like competing with cloud providers...