InnerSource: How Open Source Best Practices Help Enterprise Development Teams
What are the benefits of InnerSource and how can organizations adopt InnerSource to improve their internal development processes?
Read about application security, DevSecOps, license compliance, and software supply chain security.
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today’s frantic release pace and standards of constantly supplying new features and improvements. However, taking into consideration the...
Most online attacks begin when a hacker discovers a single vulnerability in an enterprise application. But how can organizations eliminate these vulnerabilities before they are exploited? While most enterprises are focused on application scanning and remediation, many software development experts are advocating better, more secure application development initiatives that prevent vulnerabilities from occurring in the...
Today no one can claim ignorance about the need for an open source vulnerability strategy, so what is yours? Are you the fire alarm type, who prefers to sit tight unless a vulnerability alert is ringing in your inbox? Or are you the fire hose type, staying ahead of the game with a never-ending stream...
OpenSSH's new v8.2 contains security updates to protect users. Why are the updates important and what do they mean for you?
Application security is a top priority today for companies that are developing software. However, it is also becoming more challenging and complex as release frequency continues to rise, more open source components are adopted, and the requirements for data security are getting stricter. Thanks to new DevOps practices and tools, development cycles are getting shorter,...
Celebrating Valentine's Day with a shout-out to Kubernetes, Ansible, Django, Apache Cassandra, TensorFlow, and more open source projects that we love
From RSA to DEF CON, from OWASP to SANS, here are our recommendations for 11 security conferences you want to attend in 2020, and why.
Amid all the talk of shifting left, mingling the DevOps and Security tribes, and how we can do code better, faster and with more quality, a funny thing happened. Security vendors are developing security tools for devs and DevOps. The security team still pays for them, but they won’t buy them without Dev and DevOps...
In a DevSecOps approach, testing tools and practices are integrated even further left in the development pipeline. Join Senior Product Manager, Shiri Ivtsan, as she discusses: Where and how developers are implementing DevSecOps in the SDLC; Best practices for developers to adopt DevSecOps and more efficiently handle vulnerabilities; Necessary steps for implementing a process for detection, prioritization,...
Over the past few years, more and more companies are turning to containerized environments to scale their applications. However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools. This session will...
Is GitOps a passing trend or a DevOps practice that's here to stay? How does the GitOps pipeline work and what are the benefits?
2019 is finally behind us, and we are all already speeding through 2020, full of promise and new resolutions. While there are many things we would all rather leave in the past, the issue of open source security vulnerabilities is still as relevant as ever. To keep you all in the know, our hard-working Knowledge...
In this article we'll take a look at the trends of open source license usage this year and compare them to previous years.
Developer advocates engage with developer communities to help them use their tools more productively. Read about the top developer advocates to follow in 2020.
December's list of top 5 new open source security vulnerabilities includes some of the most popular projects like SQLite, TensorFlow, PHP, and npm
How can you make sure that your npm security is covered? Here are four npm security tips for developers.
The push to the cloud has introduced a previously unknown level of agility to many organizations, but sometimes at the expense of data security. Human error often is the cause of cloud security blunders, putting sensitive data at risk and causing real damage to companies in terms of financial liability and loss of reputation. This...
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these? Join Codefresh and WhiteSource,...
Here are five free tools to help developers create and deliver innovative, high-quality, and secure software, faster.
The need to include security as part of the DevOps process is well-understood, and greater numbers of DevOps teams are shifting security left to ensure their applications are more secure. But how can an organization scale its DevSecOps efforts without introducing unnecessary friction in the software development life cycle? This webinar explores some of the...
The container space has evolved dramatically, growing into a thriving ecosystem that goes well beyond containers to include orchestration platforms, monitoring tools and more to enable end-to-end container management. In this webinar, we explore the expanding category of container management, including technology and market trends and the essentials an organization needs to manage its container...
Mend Renovate joins the Mend family to offer developers a free dependency update tool that automatically resolves outdated dependencies, saving developers’ time, reducing risk...
October's top 5 new open source security vulnerabilities list includes PuTTY, Go, Kubernetes, WordPress, and handlebars
The days when financial institutions relied solely on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges,...
Continuous testing or testing automation? Where and how does CT fit into your DevOps pipeline? What are the benefits and best practices? Learn how to succeed at continuous testing.
Over the past few years, open source has grown in popularity, especially among developers using open source code in their application development efforts. In the security space, however, open source hasn’t been as widely embraced, mostly because of concerns over vulnerabilities. But is open source software really less secure?
Here is everything you need to know about the newly disclosed Sudo security vulnerability, how it works, and how to handle the vulnerable Sudo component, if you are currently at risk.
Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery. Now some good news: you can easily integrate security into your existing processes to solve this challenge. In this session, Shiri Ivtsan,...
Here are 5 DevSecOps tools that help to integrate security into the container development cycle.
Learn more about the two new integrations for Mend for Developers, GitLab Repo and Eclipse IDE, empowering even more developers to code more productively and securely.
Application security is an effective tool for defending against attacks. But as IT infrastructures shift to “software-defined everything” and move to the cloud, traditional AppSec models no longer are enough to protect the application. This webinar takes a look at how companies are addressing new models to address more dispersed and dynamically connected applications, from...
Join us for a webinar featuring Forrester VP and Research Director Amy DeMartine to learn more about why open source security has become critical for securing modern applications, the main considerations when evaluating an open source security and license compliance solution and what she sees in store for the future. Additionally, WhiteSource Senior Director of...
September's top 5 new open source security vulnerabilities includes popular projects like Swagger UI, the Linux Kernel, Android, Python, and curl.
Make sure that your GitHub and GitLab repos are secure. Here are the top 5 Git security mistakes to avoid.