Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2023

synopsys

From diligence to integration: How software audits inform post-close M&A strategies

Sep 22, 2023 By Synopsys Editorial Team In Synopsys
Software due diligence is an all-important aspect of any merger and acquisition (M&A) transaction, and in the tech M&A world, a target’s software assets are a significant part of the valuation. This due diligence process should identify a target company’s open source license obligations, application security and code quality risks, and the organization, processes, and practices that compose the software development life cycle.
Read Post

Securing the Software Supply Chain: Key Findings From the Mend Open Source Risk Report

Sep 20, 2023 By Mend In Mend
Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems have shown the increasing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.
View Video
boxyhq

Navigating the Open Source Landscape: Finding Your First Contribution

Sep 15, 2023 By Nathan Tarbert In BoxyHQ

🕵️‍♂️ Embarking on your journey and learning how to contribute to open source is an exciting step towards honing your programming skills, collaborating with experts, and giving back to the global developer community. However, the challenge often lies in finding the right project to kickstart your open-source journey.

Read Post
cyberark

Is Open Source Software Dead?

Sep 14, 2023 By John Walsh In CyberArk

Open source software (OSS) has driven technological growth for decades due to its collaborative nature and ability to share information rapidly. However, major OSS security vulnerabilities like Log4j, Heartbleed, Shellshock and others have raised concerns about the security and sustainability of similar projects. At the same time, major open source-based companies have changed their OSS licenses, like MongoDB, Elastic (formerly ElasticSearch), Confluent, Redis Labs and most recently, HashiCorp.

Read Post
Trustwave

To OSINT and Beyond!

Sep 13, 2023 By Medz Barao In Trustwave

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.

Read Post
CalCom

Open Source CyberSecurity Tools for Hardening

Sep 3, 2023 By John Gates In CalCom
Open-source cybersecurity tools offer a prime solution for independent security experts, emerging businesses, and even medium to large enterprises aiming to tailor their security framework. These tools serve as a foundational platform for fostering security advancements, integrating proprietary software code and security automation scripts.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.