Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2023

The Unseen Risks of Open Source Dependencies: The Case of an Abandoned Name

One often-overlooked risk in the bustling ecosystem of open-source software are vulnerabilities introduced through software dependencies. We mention this because today, a malicious actor took over a RubyGems package name with more than two million downloads. Mend.io technology detected the package before it could be used for an attack, but the case of ‘gemnasium-gitlab-service‘ serves as an important reminder of the risk of neglecting dependency management.

What You Should Know About Open Source License Compliance for M&A Activity

Companies are increasingly concerned about the security of applications built on open source components, especially when they’re involved in mergers and acquisitions. Just like copyright for works of art, each piece of open source software has a license that states legally binding conditions for its use.

Bytesafe Community Edition: Bringing Enterprise Security to All

Bytesafe is a secure package management solution that helps organizations of all sizes protect their software supply chains from known vulnerabilities and other threats. In our commitment to enhance the security of open-source ecosystems, today we are excited to announce the availability of Bytesafe Community Edition, a free and open source version of our software that is available.

Unleashing the power of community-driven cloud security

As cloud technology continues to be a cornerstone of modern businesses and organizations, securing cloud environments has become more crucial than ever. Enter cloud security posture management (CSPM), a proactive approach to ensuring the security of cloud infrastructures. With CSPM, organizations can continuously monitor, assess, and remediate potential vulnerabilities and misconfigurations in their cloud environments. But when choosing a CSPM solution, is open source the way to go?

What is OSINT?

OSINT stands for open-source intelligence. It is the collection, analysis, and dissemination of information from publicly available sources, such as social media, government reports, newspapers, and other public documents. OSINT is commonly used by intelligence agencies, private investigators, and law enforcement to gather information about an individual or organization. The OSINT framework showcases the multiple ways in which organizations can gather intelligence.

Software Composition Analysis Explained

Open source code is everywhere, and it needs to be managed to mitigate security risks. Developers are tasked with creating engaging and reliable applications faster than ever. To achieve this, they rely heavily on open source code to quickly add functionality to their proprietary software. With open source code making up an estimated 60-80% of proprietary applications’ code bases, managing it has become critical to reducing an organization’s security risk.

2023 OSSRA deep dive: jQuery and open source security

According to the 2023 “Open Source Security and Risk Analysis” (OSSRA) report, 96% of commercial code contains open source. In fact, 76% of the code scanned by Black Duck® Audit Services was open source. In other words, no matter what applications your organization builds, uses, or sells, you can be virtually certain that the application contains open source.

Curating Open source Libraries on JFrog Platform, part II.

Software supply chain security has been the most widely discussed topic for anyone who is writing applications utilizing the majority of open-source or third-party libraries. This webinar will showcase JFrog Platform's abilities to curate and compose workflows to help isolate libraries that have vulnerabilities and promote libraries to repositories that can be safely used. This webinar will also demonstrate self-service curation workflows.