Eclipse SW360: Main Features
All about Eclipse SW360 - an application that helps manage the bill of materials — and its main features.
Choose Your Type
Choose Your Topic
Our Latest Content
Why Manually Tracking Open Source Components Is Futile
Why you shouldn't track open source components usage manually and what is the correct way to do it.
Black Box Testing: What You Need to Know
What are the different types of black box testing, how is it different from while box testing, and how can black box testing help you boost security?
Managing the AppSec Toolstack
Application security should be a critical part of the DevOps process, as these days even the smallest vulnerability can wreak major havoc should they lead to failures or data breaches. As a result, however, application security and vulnerability scanning tools abound for every step of the software development life cycle, which means more tools to...
Mend Report – DevSecOps Insights 2020
Mend Report - DevSecOps Insights 2020
Top 7 Questions to Ask When Evaluating a Software Composition Analysis Solution
Software Composition Analysis software helps manage your open source components. Here are 7 questions you should ask before buying an SCA solution.
Myth Busting in Application Security
There are a lot of myths in application security. By partnering with developers, Target has busted several common security myths and proved that an effective security program can take a different approach. This session will describe how to successfully implement a “credit score” to security measurement practices, build an exclusive security champions program, and stop...
Top 9 Code Review Tools for Clean and Secure Source Code
The top code review tools that will help you detect and remediate code defects and errors before production, when they are easy & less expensive to address.
Open Source Vulnerability Databases
NVD is the main source of open source vulnerabilities, but to cover yourself you need to know all main vulnerability databases.
Why Patch Management is Important and How to Get It Right
How to make sure you have a solid patch management policy in place, check all of the boxes in the process, and use the right tools.
How Comcast Sped Up Development Without Compromising on Security
Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach...
Application Security Testing: Security Scanning Vs. Runtime Protection
The application security testing market is split into security scanning tools and runtime protection tools. In this article we define & compare all options.
Why You Need an Open Source Vulnerability Scanner
An open source vulnerability scanner is a tool that helps organizations identify and fix any risks associated with open source software usage. Learn all about it.
Diving Into the Evil internet – Vulnerability Prioritization Through the Eyes of Hackers
It’s a fact: software development teams are constantly bombarded with an increasingly high number of security alerts. Since fixing all vulnerabilities is unrealistic, it’s imperative that teams find a method to zero in on the security vulnerabilities that matter. The key: prioritization. But, there’s a big question: Which is the best way to prioritize? There...
Dependency Health – Removing the Barriers to Keeping Projects in Shape
Enterprises and Developers already know the importance of managing vulnerabilities and dependencies, so why do so many still fall behind? Like maintaining good physical health, software projects require more than just good intentions – there needs to be sensible and achievable process that developers want to follow, and the rewards must outweigh the demands. In...
The SaaS Loophole in GPL Open Source Licenses
What is the GPL SaaS loophole? Did the AGPL solve it? How can SaaS companies ensure that they are complying to their open source licenses?
3 Essential Steps for Vulnerability Remediation Process
Vulnerability remediation requires 3 important steps: knowing what you have, prioritizing and Fixing. And that goes both for proprietary and third party code.
All About IAST — Interactive Application Security Testing
Interactive application security testing (IAST) works from within an application to detect and report issues while an application is running.
Best Practices for Open Source Governance
What is the balance between getting open source usage under control and managed in an automated, continuous and consistent manner, and leaving developers the freedom to productively do their jobs.
July 2020 Open Source Security Vulnerabilities Snapshot
Read our July’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
IoT Application Security
Are security policies and practices around IoT connectivity keeping up with the pace of technological innovations?
The Security Phoenix: A Modern Approach to DevSecOps Focus on People
DevSecOps is usually a tool or fast speed approach to the organization. This talk, however, will take you through a different approach. With a holistic view of the organization, the security phoenix methodology takes into account a large organization with assessment, maturity matrix, scoring system and measurement options. We will walk through the problem of...
Software Development Life Cycle: Finding a Model That Works
This article identifies the phases of the SDLC (software development life cycle) and its main models: Waterfall and Agile.
Leading the Transformation
Digital transformation has been occurring in organizations of all sizes for the past few years, yet the process isn’t moving fast enough to move the needle in many companies. How can DevOps help increase the velocity and impact of digital transformation? This panel webinar discusses the relationship between DevOps and digital transformation and ways organizations...
What Going All-Remote Taught Us About Appsec and Testing Shortfalls
The Covid-19 pandemic led to a lot of tech companies converting to remote teams almost overnight, and for some this may even become the norm. While conferencing such as Zoom are widely known for substituting for face-to-face meetings, it’s much less appreciated how the disruption has increased asynchronous communication approaches as people are not always...
Secure Coding: A Practical Guide
Poor coding is one of the main reasons for data breaches. Secure coding practices must be used to maintain a secure application.
Advance From Open Source Code Scanner to Software Composition Analysis Solution
In recent years a shift is seen in the market whereby most open source code scanners have either changed their approach or lost their entire customer base.
June 2020 Open Source Security Vulnerabilities Snapshot
Read our June’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
AppSec: Pushing Left, Like a Boss
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC; addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red...
From Dev to DevSec: How to transform developers into security rockstars
Waterfall, Agile, DevOps… it seems that every few years, a new methodology is born for optimum software creation. While these processes all have their strengths and weaknesses, the streamlining and red tape they often bring can feel like a hindrance to a developer’s main goal of building great software. So how do we shift secure thinking...
Forrester’s State of Application Security, 2020: Key Takeaways
In its 2020 AppSec report, Forrester predicts application vulnerabilities will continue to be the most common external attack method. Read the key takeaways.
DevSecOps vs. SecDevOps: A Rose by Any Other Name?
The terms DevSecOps and SecDevOps are often used interchangeably. Is there any real difference between them? Let’s explore whether there’s a difference.
How to Implement Security at the Speed of DevOps
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact – many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product...
May Open Source Security Vulnerabilities Snapshot
Learn about April's new open source security vulnerabilities, their severity, top CWEs, vulnerabilities per programming language, new XSS in jQuery XSS, and more.
Top Tools and Tips to Improve Your DevOps Pipeline
Are you ready to build your DevOps pipeline? Time to tool up with these top 7 CI/CD technologies that will help you get your feet wet.
Why You Should Avoid Copy and Paste Code
Copy and pasting code from open source projects is never a good idea from a licensing, bug fix and vulnerability perspective. Read to avoid the risks.