November 2022

Shift-Left Testing and Its Benefits

Nov 30, 2022 By Patricia Johnson In Mend

Testing practices have been shifting left in the software development process due to the growing challenge of developing and delivering high-quality, secure software at today’s competitive pace. Agile methodologies and the DevOps approach were created to address these needs. In this post, we’ll map out the basics of shift-left practices in the DevOps pipeline and discuss how to shift left your open source security and compliance testing. Contents hide 1 What does shift left mean?

Read Post

Mend

Read more about Shift-Left Testing and Its Benefits

Adventures in Open Source: A conversation about the journey and lessons learned

Nov 29, 2022 By LimaCharlie In LimaCharlie

Open source as a philosophy was born alongside the Internet at a time when the world was much more optimistic. The naysayers said it couldn’t be done, that it wasn’t secure, and that it was just a matter of time before all these projects failed. Fast forward 30-40 years and the open source ecosystem is thriving. Linux runs on the top 500 super computers in the world, almost 95% of the world’s servers, and 85% of all smart phones.

View Video

LimaCharlie

Read more about Adventures in Open Source: A conversation about the journey and lessons learned

Custom and variant licenses: What's in the fine print?

Nov 25, 2022 By Phil Odence In Synopsys

See examples of custom and variant licenses and how Black Duck Audits flag these licenses to help legal teams evaluate software risk. An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code.

Read Post

Synopsys

Read more about Custom and variant licenses: What's in the fine print?

Beyond NVD data: Using Black Duck Security Advisories for version accuracy

Nov 22, 2022 By Lauren Fearon In Synopsys

Black Duck Security Advisories provide more-accurate information on vulnerable software version ranges to help customers get more out of NVD data.

Read Post

Synopsys

Read more about Beyond NVD data: Using Black Duck Security Advisories for version accuracy

Project Pyrsia: Securing the OSS Supply Chain

Nov 22, 2022 By JFrog In JFrog

In this video, learn the mission of Project Pyrsia, how it aids in securing the #softwaresupplychain and why it matters—from project partners at JFrog, DeployHub, and Oracle!

View Video

JFrog

Read more about Project Pyrsia: Securing the OSS Supply Chain

The top three differences between an open source audit and an open source scan

Nov 11, 2022 By Umer Palla In Synopsys

Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization.

Read Post

Synopsys

Read more about The top three differences between an open source audit and an open source scan

The future of cyber threat prevention lies in open security

Nov 10, 2022 By Jake King In Elastic

For far too long, the cybersecurity industry has subscribed to a flawed methodology — one that is based on the notion that organizations can avoid security threats through obscurity and secrecy. The assumption is that keeping security controls and processes covert makes products and data inherently more secure against cyber threats within the networks we defend. However, even the most sophisticated cybersecurity defenses are no match for well-funded, highly motivated adversaries.

Read Post

Elastic

Read more about The future of cyber threat prevention lies in open security

Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

Nov 10, 2022 By Daniella Pontes In Sysdig

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

Read Post

Sysdig

Read more about Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

Supply Chain Security for Open Source: Pyrsia at CD Summit and KubeCon 2022

Nov 7, 2022 By Sudhindra Rao In JFrog

I was super excited to be at Kubecon+CloudNativeCon this year. Kubecon has managed to build a great community that goes beyond Kubernetes and has been a good catalyst in bringing together people passionate about OpenSource. Kubecon also has attracted a lot of interest due to the quality of sessions, the number of co-located events, and the opportunity to connect with peers, partners and friends.

Read Post

JFrog

Read more about Supply Chain Security for Open Source: Pyrsia at CD Summit and KubeCon 2022

Open source cybersecurity tools

Nov 3, 2022 By Christopher Luft In LimaCharlie

At LimaCharlie, we believe that open-source tools have a crucial role to play in the security industry. This conviction stems, in part, from our company history: LimaCharlie started out as an open-source endpoint detection and response (EDR) project. But beyond that, we think that the future of cybersecurity will be marked by the values of open-source tech; by a trend towards greater openness and transparency.

Read Post

LimaCharlie

Read more about Open source cybersecurity tools

Network Detection and Incident Response with Open Source Tools

Nov 2, 2022 By Corelight In Corelight

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.

View Video

Corelight

Read more about Network Detection and Incident Response with Open Source Tools

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2022

Shift-Left Testing and Its Benefits

Adventures in Open Source: A conversation about the journey and lessons learned

Custom and variant licenses: What's in the fine print?

Beyond NVD data: Using Black Duck Security Advisories for version accuracy

Project Pyrsia: Securing the OSS Supply Chain

The top three differences between an open source audit and an open source scan

The future of cyber threat prevention lies in open security

Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

Supply Chain Security for Open Source: Pyrsia at CD Summit and KubeCon 2022

Open source cybersecurity tools

Network Detection and Incident Response with Open Source Tools

Monthly Archive

Follow Us