New York, NY, USA
Jul 22, 2021   |  By Daniel Elkabes
Prototype Pollution is one of the less well-known vulnerability classes in the security community. Researchers started to discuss it as a potential attack vector around 2017, and the first vulnerabilities were found in the wild at the start of 2018. In this article, we’re going to take a deep dive into what Prototype Pollution vulnerabilities are and how they can be mitigated.
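As an added illustration (not code from the article above), the typical shape of the bug: a recursive object merge that copies attacker-controlled keys, including "__proto__", into a target object, beside a hardened version. The JSON payload is constructed for the demo; the function names are ours.

```javascript
// Added example, not code from the article: a recursive object merge that is
// vulnerable to prototype pollution, and a hardened version beside it.

// VULNERABLE: iterates attacker-controlled keys, including "__proto__", and
// recurses into target["__proto__"], which is Object.prototype. Any property
// written there is inherited by every plain object in the process.
function unsafeMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Keys that reach the prototype chain from a plain object; never merge them.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// HARDENED: only own keys of the source, blocked keys skipped, and recursion
// only into properties the target itself owns (never inherited ones).
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) || !isPlainObject(target[key])) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload, e.g. a JSON request body merged into settings.
// JSON.parse creates "__proto__" as an ordinary own property, which is exactly
// what the vulnerable merge then walks into.
const ATTACKER_JSON = '{"__proto__": {"isAdmin": true}}';

// Merge the payload with the given function, then test whether an unrelated,
// freshly created object now inherits isAdmin. Cleans Object.prototype
// afterwards so the rest of the process is not left polluted.
function pollutionLeaks(mergeFn) {
  mergeFn({}, JSON.parse(ATTACKER_JSON));
  const unrelated = {};
  const leaked = unrelated.isAdmin === true;
  delete Object.prototype.isAdmin;
  return leaked;
}

console.log('unsafeMerge leaks:', pollutionLeaks(unsafeMerge)); // true
console.log('safeMerge leaks:  ', pollutionLeaks(safeMerge));   // false
```

The key filter alone is not enough in general: the `hasOwnProperty` check matters too, otherwise a key such as `constructor` that was not blocked could still be reached through inheritance. As defence in depth, keep configuration objects free of a prototype (`Object.create(null)`), or freeze `Object.prototype` at startup; Node also offers `--disable-proto=delete` to remove the `__proto__` accessor entirely.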
Jul 15, 2021   |  By Maciej Mensfeld
Many developers already know that in some ecosystems, open source dependencies can run their own custom code from packages while they are being installed. While this capability can be used for both good and evil, today we’ll focus on a legitimate use case that, when misused, can escalate and be used to compromise your organization’s supply chain. If you haven’t guessed yet, I’m talking about downloading and linking external dependencies during the install process.
Jul 1, 2021   |  By Patricia Johnson
Penetration testing is a common technique used to analyze the security posture of IT infrastructure. Web application penetration testing can assist you in identifying the potential security weaknesses in your web-based applications so that they can be fixed before attackers exploit them.
Jun 24, 2021   |  By Patricia Johnson
Gartner forecasts that worldwide public cloud end-user spending will grow 23% to USD 332.3 billion in 2021 as cloud technologies become mainstream. As cloud computing architectures continue to become more prevalent, “cloud native” has become a popular buzzword. But what exactly does “cloud native” mean and what impact does it have on security? How exactly do you secure all these cloud native applications?
Jun 15, 2021   |  By Jonathan Leitschuh
By Jonathan Leitschuh; Daniel Elkabes, Senior Security Researcher at WhiteSource; Ofir Keinan, Software Developer at WhiteSource. The latest Maven release, 3.8.1, contains a fix for the security vulnerability CVE-2021-26291. Detected and reported by security researcher Jonathan Leitschuh, the vulnerability affects over 100,000 libraries in Maven Central, according to the WhiteSource security research and knowledge teams.
Jun 10, 2021   |  By Maciej Mensfeld
As supply chain attacks continue to dominate headlines, software development teams are beginning to realize that package management can’t be taken lightly — the threats hidden under the hood are real. In this installment of The Source, we want to talk about the practices and tools that developers need to adopt in order to protect against supply chain attacks.
Jun 3, 2021   |  By Patricia Johnson
The Docker vs. Kubernetes debate is common in the containerization world. Although most people like comparing Kubernetes and Docker, the two technologies are not interchangeable—you cannot choose one over the other. They are essentially discrete technologies that complement each other when creating, delivering, and scaling containerized applications. In fact, the closest like-for-like comparison would be Docker Swarm vs. Kubernetes, which we’ll talk about later.
May 27, 2021   |  By Patricia Johnson
We all dream of creating the next big thing: getting that investment that will help us over the finish line, landing a partnership with one of the big players, or getting acquired by a global enterprise. But as we race to keep ahead of the market and surprise our customers with bigger and better offerings than they ever imagined, we have to pass that dreaded series of hurdles: technical due diligence.
May 20, 2021   |  By Julie Peterson
“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.”
May 13, 2021   |  By Julie Peterson
Ponemon Institute’s Reducing Enterprise Application Security Risks: More Work Needs to Be Done looks at the reasons why many enterprises consider the application layer to be the highest security risk. Ponemon Institute, in partnership with WhiteSource, surveyed 634 IT and IT security practitioners about their enterprises’ approach to securing applications.
Apr 28, 2021   |  By WhiteSource
Vonage automates open source security using developer-focused tools within their native development environment.
Nov 24, 2020   |  By WhiteSource
WhiteSource Merge Confidence helps developers update and remediate their dependencies fearlessly. Save time and resources with Merge Confidence integrated into your workflows to set up automated pull requests triggered per confidence level.
Oct 20, 2020   |  By WhiteSource
Mark Curphey, Open Raven CEO and founder of OWASP, explains why he wanted to ensure Open Raven's developers could detect license and vulnerability issues earlier in the development life cycle and why WhiteSource was the obvious choice.
Sep 3, 2020   |  By WhiteSource
Keep your open source components secure and compliant with native browser, IDE and repository integrations using WhiteSource for Developers.
Jun 2, 2020   |  By WhiteSource
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that the industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC and addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red team exercises, developer education programs and bug bounties, this talk will show you how to ‘push left’ like a boss.
May 29, 2020   |  By WhiteSource
WhiteSource provides a powerful yet simple solution for companies that need to secure and manage the open source components in their applications. As the only enterprise-grade solution focused exclusively on open source management, WhiteSource is trusted by 25 of the Fortune 100 companies.
May 10, 2020   |  By WhiteSource
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact: many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. the DevOps pipeline
Apr 26, 2020   |  By WhiteSource
Container images are built on many direct and indirect open source dependencies, most of which developers are not aware of.
Apr 19, 2020   |  By WhiteSource
Thanks to containerization and automation, applications are being developed and delivered faster than ever. With tools such as AWS ECR, developers are able to store, manage and deploy Docker container images without having to worry about operating their own container repositories or scaling the underlying infrastructure. With this, however, come challenges around managing the security and compliance of your container images. With tools such as WhiteSource, developers are able to manage the security of their containers and container images with no impact on agility and speed.
Apr 19, 2020   |  By WhiteSource
Application security is a top priority today for companies that are developing software. However, it is also becoming more challenging and complex as release frequency continues to rise, more open source components are adopted, and the requirements for data security are getting stricter. Thanks to new DevOps practices and tools, development cycles are getting shorter, allowing organizations to meet market demands and deliver a superior customer experience, but is application security keeping up?
Jul 1, 2020   |  By WhiteSource
Behind every developer is a beloved programming language. In heated debates over which language is the best, the security card gets played to support one language or discredit another. We decided to address this debate and put it to the test by researching WhiteSource's comprehensive database. We focused on open source security vulnerabilities in C, Java, JavaScript, Python, Ruby, PHP, and C++, to find out which programming languages are most secure, which vulnerability types (CWEs) are most common in each language, and why.
Jul 1, 2020   |  By WhiteSource
We surveyed over 650 developers, and collected data from the NVD, security advisories, peer-reviewed vulnerability databases, issue trackers and more, to gather the latest industry insights in open source vulnerability management.
Jun 1, 2020   |  By WhiteSource
Developers across the industry are stepping up to take more responsibility for their code's vulnerability management. In this report we discuss trends in how security is shifting left to the earliest stages of development, putting developers in the front seat. We explore the growth of automated tools aimed at helping developers do more with fewer resources and look for answers on what is needed to close the gap from detection to remediation.
Jun 1, 2020   |  By WhiteSource
Software development teams are constantly bombarded with an increasingly high number of security alerts. Unfortunately, there is currently no agreed-upon strategy or straightforward process for vulnerability prioritization. This results in a lot of valuable development time wasted on assessing vulnerabilities, while the critical security issues remain unattended.

No component overlooked. WhiteSource identifies every open source component in your software, including dependencies. It then secures you from vulnerabilities and enforces license policies throughout the software development lifecycle. The result? Faster, smoother development without compromising on security.

Not all vulnerabilities are created equal. WhiteSource prioritizes vulnerabilities based on whether your code utilizes them or not, so you know exactly what needs your attention the most. This reduces security alerts by up to 85%, allowing you to remediate more critical issues faster.

Complete Platform:

  • WhiteSource Core: We help you keep things in order. WhiteSource is built to streamline your open source governance. With a full layer of alerting, reporting and policy management, you are effortlessly secure and always in control.
  • WhiteSource for Developers: WhiteSource for Developers is uniquely designed to simplify developers’ work, while keeping the code secure. Its suite of tools helps speed up integration, find problematic components, and remediate them quickly and easily.
  • WhiteSource for Containers: WhiteSource integrates into all stages of the container development lifecycle, including container registries and Kubernetes with automated policy enforcement for maximum visibility and control.

The simplest way to secure and manage open source components in your software.