Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2022

jfrog

Pyrsia: Open Source Software that Helps Protect the Open Source Supply Chain

May 25, 2022 By Lori Lorusso and Stephen Chin In JFrog

Stephen Chin is no stranger to having big ideas and implementing them to help the developer community. In the last twenty years he’s been involved in building open source IDEs, bootstrapping rich client libraries, maintaining JVM languages, and cultivating relationships with developers that do the same.

Read Post

Mend Explainer

May 25, 2022 By Mend In Mend
Mend, formerly known as WhiteSource, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project.
View Video
jfrog

JFrog & Industry Leaders Join White House Summit on Open Source Software Security

May 18, 2022 By Stephen Chin In JFrog

There’s no question the volume, sophistication and severity of software supply chain attacks has increased in the last year. In recent months the JFrog Security Research team tracked nearly 20 different open source software supply chain attacks – two of which were zero day threats.

Read Post
veracode

A Look Back at the Executive Order on Cybersecurity

May 12, 2022 By Hope Goslin In Veracode

It has officially been one year since the release of the Biden administration’s Executive Order on Cybersecurity, which outlines security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a software bill of materials for the open-source libraries in use so that known vulnerabilities are disclosed and able to be tracked in the future, among other things.

Read Post
synopsys

Black Duck Open Source Audits: Working through licensing issues like a pro

May 11, 2022 By Phil Odence In Synopsys
It’s critical to have the right people and approach when it comes to understanding and resolving licensing issues in open source audits. Many of our regular Black Duck Audit customers have well-honed processes that kick in after we deliver reports. We’ve gleaned some ideas and approaches from working with these clients and the biggest pro tip? You need a pro, i.e., make sure you have an open source-savvy attorney involved.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.