Open Source Analysis Extends Your Visibility
Open source analysis gives you visibility into your open source code and allows you to manage your open source components.
Read about application security, DevSecOps, license compliance, supply chain security, and malicious packages.
GitLab helps you to scale security across your Continuous Integration (CI) process enabling developers to test their code with every code change, right in their existing workflow. By seamlessly integrating WhiteSource’s security application testing solution in GitLab CI, we further reduce context switching and increase developer productivity. This enables developers and InfoSec professionals to work...
Check in to learn about the new open source security vulnerabilities published in March, their severity, top CWEs, vulnerabilities per programming language, new critical FasterXML jackson-databind seria
WhiteSource’s Annual Report on The State of Open Source Security Vulnerabilities in 2020 found that a record-breaking number of new open source security vulnerabilities were published in 2019. In our research, we focused on open source security’s weakest and strongest points in the hopes of bringing some clarity to the fast-paced and complex space...
Using Kubernetes pod security policies to maximum effect takes some effort. This article explains how to get the most out of Kubernetes pod security policies.
Open source security, once viewed as an oxymoron, has come into its own as a way for organizations to secure their environments without breaking the bank. As a result, a plethora of open source security technologies have flooded the market, creating more opportunity as well as challenges and a healthy dose of confusion. The webinar...
What can be done to strike a better balance between security and agile development? What steps can be taken to ensure agile development processes are carried out in a secure manner?
Have you considered what truly separates accidental vulnerabilities in open source from intentionally malicious releases? Although often grouped together as “vulnerabilities”, malicious open source components are very different, right from their very creation through to the way you mitigate and remediate them as an end user. The past 12 months saw a record-breaking time for...
Open Source has become the key building block for application development in today’s market, where companies are under constant pressure to accelerate time to market. The increasing adoption of open source components, however, has introduced new security challenges that most teams are not prepared to mitigate in their current posture. Join the industry expert, at...
Developments in web applications have increased the risk of malicious attacks. Know the steps to secure your enterprise.
AppSec experts from across the industry give their predictions for application security in 2020 and beyond.
To celebrate International Women's Day, we rounded up the most inspiring women leading the way in AppSec.
In the runup to KubeCon + CloudNativeCon Europe, we’ll examine what’s happening in the Kubernetes and containers landscape, including new technologies, services and ecosystems worth knowing about as well as changes looming on the horizon.
What are the benefits of InnerSource and how can organizations adopt InnerSource to improve their internal development processes?
Open-source components are prevalent in approximately 97% of modern applications and dominate anywhere between 60-80% of their codebases. This is hardly surprising given how integrating open source accelerates software development and enables organizations to keep up with today’s frantic release pace and standards of constantly supplying new features and improvements. However, taking into consideration the...
Most online attacks begin when a hacker discovers a single vulnerability in an enterprise application. But how can organizations eliminate these vulnerabilities before they are exploited? While most enterprises are focused on application scanning and remediation, many software development experts are advocating better, more secure application development initiatives that prevent vulnerabilities from occurring in the...
Today no one can claim ignorance about the need for an open source vulnerability strategy, so what is yours? Are you the fire alarm type, who prefers to sit tight unless a vulnerability alert is ringing in your inbox? Or are you the fire hose type, staying ahead of the game with a never-ending stream...
OpenSSH's new v8.2 contains security updates to protect users. Why are the updates important and what do they mean for you?
Application security is a top priority today for companies that are developing software. However, it is also becoming more challenging and complex as release frequency continues to rise, more open source components are adopted, and the requirements for data security are getting stricter. Thanks to new DevOps practices and tools, development cycles are getting shorter,...
Celebrating Valentine's Day with a shout-out to Kubernetes, Ansible, Django, Apache Cassandra, TensorFlow, and more open source projects that we love.
From RSA to DEF CON, from OWASP to SANS, here are our recommendations for 11 security conferences you want to attend in 2020, and why.
Amid all the talk of shifting left, mingling the DevOps and Security tribes and how we can do code better, faster and with more quality, a funny thing happened. Security vendors are developing security tools for devs and DevOps. The security team still pays for them, but they won’t buy them without Dev and DevOps...
DevSecOps approach, testing tools and practices are integrated even further left in the development pipeline. Join Senior Product Manager, Shiri Ivtsan, as she discusses: Where and how developers are implementing DevSecOps in the SDLC; Best practices for developers to adopt DevSecOps and more efficiently handle vulnerabilities; Necessary steps for implementing a process for detection, prioritization,...
Over the past few years, more and more companies are turning to containerized environments to scale their applications. However, keeping containers secure throughout the development life cycle presents many challenges to security and development teams. In order to address them, organizations need to adopt a new set of security processes and tools. This session will...
2019 is finally behind us, and we are all already speeding through 2020, full of promise and new resolutions. While there are many things we would all rather leave in the past, the issue of open source security vulnerabilities is still as relevant as ever. To keep you all in the know, our hard-working Knowledge...
In this article we'll take a look at the trends of open source license usage this year and compare them to previous years.
Developer advocates engage with developer communities to help them use their tools more productively. Read about the top developer advocates to follow in 2020.
December's list of top 5 new open source security vulnerabilities includes some of the most popular projects like SQLite, TensorFlow, PHP, and npm
How can you make sure that your NPM security is covered? Here are four NPM security tips for developers.
The push to the cloud has introduced a previously unknown level of agility to many organizations, but sometimes at the expense of data security. Human error often is the cause of cloud security blunders, putting sensitive data at risk and causing real damage to companies in terms of financial liability and loss of reputation. This...
Container images are based on many direct and indirect open source dependencies, which most developers are not aware of. What are the security implications of only seeing the tip of the iceberg? What are the challenges one faces when relying so heavily on open source? And how can teams overcome these? Join Codefresh and WhiteSource,...
Mend Renovate joins the Mend family to offer developers a free dependency update tool that automatically resolves outdated dependencies saving developers’ time, reducing risk...
October's top 5 new open source security vulnerabilities list includes PuTTY, Go, Kubernetes, WordPress, and handlebars
The days when financial institutions relied solely on proprietary code are over. Today, even the largest financial services firms have realized the benefits of using open source technology to build powerful, innovative applications at a reduced time-to-market. However, the financial services industry faces strict regulatory requirements that present it with a unique set of challenges,...
Over the past few years, open source has grown in popularity especially among developers using open source code in their application development efforts. In the security space, however, open source hasn’t been as widely embraced, mostly because of concerns over vulnerabilities. But is open source software really less secure?