Setting Up an Effective Vulnerability Management Policy
What you need to know in order to set up an effective and comprehensive vulnerability management process in your organization.
Choose Your Type
Choose Your Topic
Our Latest Content
Renovating with Renovate
Renovate was originally created to scratch an internal itch, so we’ve been both enjoying its capabilities and testing them from day one. When people get started or get comfortable with using Renovate, it’s pretty understandable that they might look at the Renovate project itself as a reference user. We’ve put together this post to share how...
Software Supply Chain Attacks
Software supply chain attacks are increasing. Learn what a software supply chain attack is, and about the recent attacks.
Reducing Enterprise Application Security Risks: More Work Needs to Be Done
Whitesource Ponemon Research Report: "Reducing Enterprise Application Security Risks"
RASP: The What, Why and How
Taking a look at RASP basics: What is RASP? Why do developers need it? Does it live up to the hype?
Serverless Security Explained
We break down the basics of serverless security in this guide, helping your team to make the next move in the evolution of cloud computing.
Three Open Source Software Security Myths Dispelled
Myths persist about the usage of open source components. The following are the top 3 concerns associated with open source use.
Best Practices for Developers to Master Security
When you ask developers what they think of security, they will likely go into the situation without much enthusiasm as in their mind – security is slowing them down and holding them back from doing their “actual” job. But – it doesn’t necessarily have to be that way. The friction between developers and security teams...
Top 3 Open Source Risks and How to Beat Them
As much as we love the benefits of using open source software components, they still come with risks. We're here to help you better understand these risks.
AWS Oil and Gas Roundtable
As part of their journey to Digital Transformation, Oil & Gas enterprises are shifting their focus on becoming agile through DevOps in order to provide efficiency and productivity. Because there is no single standard DevOps methodology, many companies are finding it challenging to manage security requirements, which contributes to a slow start, slow delivery, and...
ISIT Shifting Compliance & Security Left – Into the Hands of The Developers
The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production. Shiri Arad Ivtsan, Director of Product Management at WhiteSource will discuss...
FOSSAware -Software Composition Analysis application as part of an effective Open Source compliance program
Encompassing over two-thirds of the average commercial software, open-source has become an essential part of modern software development. Undermanaging the consumption and redistribution of Open source expose the enterprise to extensive legal and security risks and is no longer a viable option. Having an effective Open Source compliance program is a key differentiator marking industry-leading...
Gray Box Testing Guide
Learn about the gray box testing, how it’s done, its techniques and tools, its advantages and disadvantages, and more.
Microservices Architecture: Security Strategies and Best Practices
Why is microservices security important? Key principles and best practices to ensure your microservices architecture is secure.
Security Challenges and Opportunities of Remote Work
The COVID-19 pandemic forced many organizations to shift to a remote workforce almost overnight, most of which were not prepared for the sudden change. In their efforts to ensure their employees could remain productive, a number of organizations relaxed their security policies and unwittingly exposed their networks to compromise. As the pandemic continues, security challenges...
API Security in a Digitally Transformed World
API security is an essential part of application security in a digitally transformed world.
The Main Application Security Technologies to Adopt in 2021
The Main Application Security Technologies to Adopt in 2021
White Hat Hacking – Not What You Expect
what motivates white hat hackers to take the time to prod and probe our software, looking for bugs?
How to Set Up an Open Source Strategy
How to set up and implement an open source strategy that will ensure open source security and compliance.
CVE (Common Vulnerabilities and Exposures) — What is it and how to understand it
What are CVEs and how are they published? What kind of information do CVEs offer about security vulnerabilities in publicly released software?
The 10 Best Security Conferences to Attend in 2021
The top security conferences to visit in 2021, virtually or in-person.
Top 10 Open Source Vulnerabilities In 2020
To help you stay on top of your open source security, here is our list of top 10 open source security vulnerabilities in 2020.
What You Need To Know About Application Security Testing Orchestration
What is application security testing orchestration and why it is crucial in helping organizations make sure all potential risks are tracked and addressed.
The Battle for Container Security
As a technology, containers have done much to advance software development. However, it’s not without its issues, particularly in regards to security. Container security challenges have delayed or halted deployments, impeding organizations’ process in their quest to produce better quality software, faster. In this webinar, we discuss the current state of container security and what...
Shifting Compliance and Security Left – Into the Hands of the Developers
The software world is alive with talk of shifting left – but what does it really mean? Theoretically, it means shifting responsibility for security & compliance to developers. In practice, it largely means enriching CI/CD processes to detect problematic licenses & vulnerabilities before they reach the main branch or production. Shiri Ivtsan, Director of Product...
Apache Struts Vulnerabilities Pose ‘Stay or Go’ Question
Apache Struts vulnerabilities are causing users to consider migrating to competing frameworks. We list the reasons to stay or go.
Get to know Mend Merge Confidence Feature
Merge Confidence identifies and flags undeclared breaking releases based on analysis of test & release adoption data.
The DevSecOps Showdown – How to Bridge the Gap Between Security and Developers
DevSecOps requires processes and tools that enable weaving security throughout the DevOps pipeline. It is much more than a buzzword, and if you’d ask most organizations, well – they believe they are in the process of adopting DevSecOps tools and practices. But – are they? In order to deeply understand the state of DevSecOps implementation...
What Is CVSS v3.1? Understanding The New CVSS
Explore the changes in CVSS v3.1 vs. CVSS 3.0 and understand their importance. Learn how to use CVSS 3.1
White Box Testing Guide
Learn all about white box testing: how it’s done, its techniques, types, and tools, its advantages and disadvantages, and more.
Top Tips for Getting Started With a Software Composition Analysis Solution
Top tips for getting started with Mend Composition Analysis to ensure your implementation is successful.
Be Wise — Prioritize: Software Security Vulnerability Prioritization
How prioritization can help development and security teams minimize security debt and fix the most important security issues first.
Eclipse SW360: Main Features
All about Eclipse SW360 - an application that helps manage the bill of materials — and its main features.
Why Manually Tracking Open Source Components Is Futile
Why you shouldn't track open source components usage manually and what is the correct way to do it.
Black Box Testing: What You Need to Know
What are the different types of black box testing, how is it different from while box testing, and how can black box testing help you boost security?