Eclipse SW360: Main Features
All about Eclipse SW360 - an application that helps manage the bill of materials — and its main features.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
Why you shouldn't track open source components usage manually and what is the correct way to do it.
What are the different types of black box testing, how is it different from white box testing, and how can black box testing help you boost security?
Application security should be a critical part of the DevOps process, as these days even the smallest vulnerability can wreak major havoc should it lead to failures or data breaches. As a result, however, application security and vulnerability scanning tools abound for every step of the software development life cycle, which means more tools to...
Mend Report - DevSecOps Insights 2020
Software Composition Analysis software helps manage your open source components. Here are 7 questions you should ask before buying an SCA solution.
There are a lot of myths in application security. By partnering with developers, Target has busted several common security myths and proved that an effective security program can take a different approach. This session will describe how to successfully implement a “credit score” to security measurement practices, build an exclusive security champions program, and stop...
The top code review tools that will help you detect and remediate code defects and errors before production, when they are easy & less expensive to address.
NVD is the main source of open source vulnerabilities, but to cover yourself you need to know all main vulnerability databases.
How to make sure you have a solid patch management policy in place, check all of the boxes in the process, and use the right tools.
Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach...
The application security testing market is split into security scanning tools and runtime protection tools. In this article we define & compare all options.
An open source vulnerability scanner is a tool that helps organizations identify and fix any risks associated with open source software usage. Learn all about it.
It’s a fact: software development teams are constantly bombarded with an increasingly high number of security alerts. Since fixing all vulnerabilities is unrealistic, it’s imperative that teams find a method to zero in on the security vulnerabilities that matter. The key: prioritization. But, there’s a big question: Which is the best way to prioritize? There...
Enterprises and developers already know the importance of managing vulnerabilities and dependencies, so why do so many still fall behind? Like maintaining good physical health, software projects require more than just good intentions: there needs to be a sensible and achievable process that developers want to follow, and the rewards must outweigh the demands. In...
What is the GPL SaaS loophole? Did the AGPL solve it? How can SaaS companies ensure that they are complying with their open source licenses?
Vulnerability remediation requires 3 important steps: knowing what you have, prioritizing, and fixing. And that goes for both proprietary and third-party code.
Interactive application security testing (IAST) works from within an application to detect and report issues while an application is running.
What is the balance between getting open source usage under control and managed in an automated, continuous and consistent manner, and leaving developers the freedom to do their jobs productively?
Read our July open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
Are security policies and practices around IoT connectivity keeping up with the pace of technological innovations?
DevSecOps is usually treated as a tool or a high-speed approach for the organization. This talk, however, will take you through a different approach. With a holistic view of the organization, the security phoenix methodology takes into account a large organization with assessment, a maturity matrix, a scoring system and measurement options. We will walk through the problem of...
This article identifies the phases of the SDLC (software development life cycle) and its main models: Waterfall and Agile.
Digital transformation has been occurring in organizations of all sizes for the past few years, yet the process isn’t moving fast enough to move the needle in many companies. How can DevOps help increase the velocity and impact of digital transformation? This panel webinar discusses the relationship between DevOps and digital transformation and ways organizations...
The Covid-19 pandemic led to a lot of tech companies converting to remote teams almost overnight, and for some this may even become the norm. While conferencing such as Zoom are widely known for substituting for face-to-face meetings, it’s much less appreciated how the disruption has increased asynchronous communication approaches as people are not always...
Poor coding is one of the main reasons for data breaches. Secure coding practices must be used to maintain a secure application.
In recent years a shift has been seen in the market whereby most open source code scanners have either changed their approach or lost their entire customer base.
Read our June open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC; addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red...
Waterfall, Agile, DevOps… it seems that every few years, a new methodology is born for optimum software creation. While these processes all have their strengths and weaknesses, the streamlining and red tape they often bring can feel like a hindrance to a developer’s main goal of building great software. So how do we shift secure thinking...
In its 2020 AppSec report, Forrester predicts application vulnerabilities will continue to be the most common external attack method. Read the key takeaways.
The terms DevSecOps and SecDevOps are often used interchangeably. Is there any real difference between them? Let’s explore whether there’s a difference.
Has your organization already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact: many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product...
Learn about April's new open source security vulnerabilities, their severity, top CWEs, vulnerabilities per programming language, a new XSS in jQuery, and more.
Are you ready to build your DevOps pipeline? Time to tool up with these top 7 CI/CD technologies that will help you get your feet wet.
Copying and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read on to avoid the risks.