Tag: open source security
Software Supply Chain Threats Are on the OWASP Top Ten—Yet Nothing Will Change Unless We Do
Joseph M. Saunders | | open source security, OWASP Top 10, SBoM, Software Supply Chain Security, supply chain attacksSoftware supply chain security is steadily moving to the forefront of cybersecurity conversations. In the past, it has been overshadowed by a focus on malware outbreaks, ransomware, endpoint protection, and application vulnerabilities ...
The Silent Technical Debt: Why Manual Remediation Is Costing You More Than You ThinkÂ
Bob Shaker | | ActiveState report, continuous remediation, cybersecurity efficiency, Dependency Management, developer productivity, devsecops, engineering performance, innovation tax, intelligent remediation, KubeCon 2025, manual remediation, Mean Time to Remediate, mttr, open source security, remediation debt, security automation, software vulnerabilities, technical debt, transitive dependencies, vulnerability managementManual vulnerability remediation drains time, innovation, and security. Learn how intelligent remediation eliminates hidden technical debt and accelerates DevSecOps ...
Establishing Visibility and Governance for Your Software Supply Chain
Parth Patel | | application security, asset visibility, attack surface management, build-time security, Cloud Governance, context-aware security, cybersecurity governance, dependency tracking, eBPF runtime analysis, Kubernetes Gatekeeper, Log4Shell, open source security, provenance attestation, risk reduction, SBoM, SBOM automation, secure software development, SLSA, software bill of materials, software provenance, Software Supply Chain Security, supply chain risk, Third-party Dependencies, VEX, vulnerability management, vulnerability prioritizationAsset visibility and cloud governance start with SBOMs, VEX, and provenance tracking. Learn how to secure your software supply chain ...
How GitHub Plans to Secure npm After Recent Supply Chain Attacks
Tom Smith | | API token deprecation, CI/CD authentication, crates.io security, npm 2FA, npm registry attack, npm token theft, open source security, package registry malware, PyPI trusted publishing, Shai-Hulud worm, Software Supply Chain Security, trusted publishingGitHub strengthens npm security after Shai-Hulud worm attack with mandatory 2FA, granular tokens, and trusted publishing to protect the open source supply chain ...
Lineaje Adds Module to Manage Open Source Software Security Lifecycle
This can help DevSecOps teams identify open source software projects that are not being well maintained ...
Does More Money Improve Open Source Security?
It sounds simple: If you pay developers more money they'll improve the quality and security of their code. The evidence isn't so clear ...
How Devs Can Improve Open Source Security in the Enterprise
Modern applications are dynamic. They’re distributed and they’re often born in the cloud. These applications can be developed on the fly, spun up and scaled quickly to meet evolving user and market ...
Securing Open Source Components in a World of Mixed Committer Motivations
Our world runs on software that contains open source components. This places an increased burden on developers, as the primary consumers and deployers of those components, to use code that is fully ...
Sigstore Code Signing Service Becomes Generally Available
A free digital signing service for software created by the Sigstore open source community has become generally available this week via the cloud. Announced at the SigstoreCon event that occurred during the ...
Log4j: Is There Such a Thing as ‘Too Much’ Open Source?
The Log4j vulnerability got me thinking: Is there such a thing as too much open source? Before anyone immediately fires off a flaming email, rage tweet or scathing blog post, hear me ...
Snyk Tool Prioritizes Open Source Vulnerabilities
Snyk today announced it has enhanced the ability of its namesake vulnerability scanning tool by adding the ability to identify which open source vulnerabilities should be fixed first using a scoring tool ...
Open Source Vulnerabilities Were Up 50% in 2019 — How Will It Impact Software Development in 2020?
Jeffrey Martin | | National Vulnerability Database, open source, open source security, open source vulnerabilities, software development, State of Open Source Security Vulnerabilities ReportOpen source vulnerabilities have been on the rise in recent years, but 2019 was truly one for the record books with a spike of nearly 50% over the previous year. According to ...
