Read research reports about application security, DevSecOps, open source license compliance and audit
“As DevOps continues to gain popularity for rapid delivery and innovation of IT-enabled capabilities, concerns about security increase. Security and risk management leaders must adapt security tools, processes and policies to the DevOps toolchain without slowing the development and release process.” Download this report from Gartner to read their recommendations on how to: Work in...
What’s in the report? Learn how the most popular JavaScript package manager – npm – is being used by malicious actors to launch attacks, run botnets, and steal credentials and crypto. Why should you care about malicious npm activity? JavaScript is the most commonly used programming language globally, and 68% of developers depend upon it...
Cybersecurity experts say that the Log4j vulnerability is perhaps the most severe flaw of its type in decades. If not addressed, it could detrimentally affect millions of pieces of software in some of the world’s largest organizations, and hundreds of millions of devices globally. What can security and application developers do to identify and mitigate...
As AppSec practices continue to shift left into development, the task of ensuring that open source libraries are up-to-date and vulnerability-free falls on developers’ shoulders -- and it is quite a task. In order to gain a better understanding of the process of open source vulnerability management, our Knowledge Team analyzed vulnerable npm packages, checking the CVE publication date and comparing it to the release date of the vulnerabilities’ fix.
Per Gartner, “Growing risks and ubiquitous use of open-source software in development make software composition analysis essential to application security. Security and risk management leaders must expand the scope of tools to include detection of malicious code, operational and supply chain risks.” Everything You Need to Know About the SCA Market Is in This Guide....
What’s in the report? Find out how the top 10 SCA vendors rank and why Forrester named WhiteSource a leader in their Software Composition Analysis Wave™ Report, Q3 2021. Why should Software Composition Analysis matter to you? Forrester reports that open source components made up 75% of all code bases in 2020, up from 36%...
WhiteSource Annual Report Open Source Vulnerabilities 2021
Whitesource Ponemon Research Report: "Reducing Enterprise Application Security Risks"
WhiteSource Report - DevSecOps Insights 2020
WhiteSource Report - Developers Are Taking Over AppSec