License Compatibility: Combining Open Source Licenses
While open source licenses are free, they still come with a set of terms & conditions that users must abide by. Read why license compatibility is a major concern.
Read about application security, DevSecOps, license compliance, and software supply chain security.
An open source vulnerability scanner is a tool that helps organizations identify and fix any risks associated with open source software usage. Learn all about it.
It’s a fact: software development teams are constantly bombarded with an increasingly high number of security alerts. Since fixing all vulnerabilities is unrealistic, it’s imperative that teams find a method to zero in on the security vulnerabilities that matter. The key: prioritization. But, there’s a big question: Which is the best way to prioritize? There...
Enterprises and developers already know the importance of managing vulnerabilities and dependencies, so why do so many still fall behind? Like maintaining good physical health, software projects require more than just good intentions – there needs to be a sensible and achievable process that developers want to follow, and the rewards must outweigh the demands. In...
What is the GPL SaaS loophole? Did the AGPL solve it? How can SaaS companies ensure that they are complying with their open source licenses?
What is an open source attribution report? Who needs it and why? And most importantly: what's the easiest way to produce one?
Answers to frequently asked questions about the Eclipse Public License, an open source license developed by the Eclipse Foundation.
Vulnerability remediation requires 3 important steps: knowing what you have, prioritizing, and fixing. And that goes for both proprietary and third-party code.
Interactive application security testing (IAST) works from within an application to detect and report issues while an application is running.
What is the balance between getting open source usage under control and managed in an automated, continuous and consistent manner, and leaving developers the freedom to do their jobs productively?
Read our July open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
Are security policies and practices around IoT connectivity keeping up with the pace of technological innovations?
DevSecOps is usually treated as a tooling or speed-focused approach within the organization. This talk, however, will take you through a different approach. With a holistic view of the organization, the security phoenix methodology takes into account a large organization with assessment, a maturity matrix, a scoring system and measurement options. We will walk through the problem of...
An open source audit by a certified auditor identifies your open source inventory and gives you an analysis of licence compliance and security vulnerabilities.
If you’re considering increasing your company’s reliance on DevOps automation, here is a 3-step thought process to automate your mindset.
This article identifies the phases of the SDLC (software development life cycle) and its main models: Waterfall and Agile.
Digital transformation has been occurring in organizations of all sizes for the past few years, yet the process isn’t moving fast enough to move the needle in many companies. How can DevOps help increase the velocity and impact of digital transformation? This panel webinar discusses the relationship between DevOps and digital transformation and ways organizations...
The Covid-19 pandemic led to a lot of tech companies converting to remote teams almost overnight, and for some this may even become the norm. While conferencing tools such as Zoom are widely known for substituting for face-to-face meetings, it’s much less appreciated how the disruption has increased asynchronous communication approaches, as people are not always...
Poor coding is one of the main reasons for data breaches. Secure coding practices must be used to maintain a secure application.
In recent years, a shift has been seen in the market: most open source code scanners have either changed their approach or lost their entire customer base.
Read our June open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
CoKinetic Systems Corporation, one of the major global players in the in-flight entertainment (IFE) market, has recently filed suit against Panasonic Avionics Corporation in a New York federal...
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC; addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red...
Waterfall, Agile, DevOps… it seems that every few years, a new methodology is born for optimum software creation. While these processes all have their strengths and weaknesses, the streamlining and red tape they often bring can feel like a hindrance to a developer’s main goal of building great software. So how do we shift secure thinking...
In its 2020 AppSec report, Forrester predicts application vulnerabilities will continue to be the most common external attack method. Read the key takeaways.
Learn how to be better prepared for GDPR by adopting the right tools and getting on the right side of regulation easier, while building great software and serving customers.
The terms DevSecOps and SecDevOps are often used interchangeably. Is there any real difference between them? Let’s explore whether there’s a difference.
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact – many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product...
Learn about April's new open source security vulnerabilities, their severity, top CWEs, vulnerabilities per programming language, a new XSS in jQuery, and more.
Are you ready to build your DevOps pipeline? Time to tool up with these top 7 CI/CD technologies that will help you get your feet wet.
Learn why observability is important to DevOps organizations with distributed systems, how observability is different from monitoring, and how to approach the three pillars of observability.
The continuous integration/continuous delivery market has gone through many changes since DevOps came on the scene, but it remains the backbone of the DevOps toolchain. Application release automation has also joined the ranks of must-have DevOps technologies. So where does the market stand currently and what can we expect to see in the next generation...
Open source analysis gives you visibility into your open source code and allows you to manage your open source components.
GitLab helps you to scale security across your Continuous Integration (CI) process enabling developers to test their code with every code change, right in their existing workflow. By seamlessly integrating WhiteSource’s security application testing solution in GitLab CI, we further reduce context switching and increase developer productivity. This enables developers and InfoSec professionals to work...
Check in to learn about the new open source security vulnerabilities published in March, their severity, top CWEs, vulnerabilities per programming language, new critical FastXML jackson-databind seria