Open source software is a key component in modern applications. It has created a new era in software development, promoting a free exchange of ideas within the developer community and enabling developers to build more functional software, faster than ever. Based on most estimates, 70-90% of any piece of modern software includes open source code.
The cloud has enabled organizations to build and deploy applications faster than ever, but security has become more complex. The shift to cloud has created a world where everything is code — not just the applications, but also the infrastructure they run on. So, any security issue within an application or cloud environment can put an entire system at risk. And keeping that cloud native application stack secure is increasingly the responsibility of development teams.
Great things happen when the academic world and the software industry work together! Today, we’d like to share a story about our recent collaboration with the CISPA Helmholtz Center for Information Security, a big science institution in Germany. Back in January, Cris Staicu Ph.D. (Tenure-Track Faculty, CISPA), contacted us about his research on NodeJS and JavaScript.
Policies have a vital role in every organization, but can mean a lot of different things depending on the context. For our purposes, a policy refers to the principles or ideas that an organization uses to make decisions. In this post, we’ll discuss Open Policy Agent (OPA) and its rule language, Rego, highlighting how we can use them to write a simple policy for a payroll microservice.
During SnykWeek Boston, Simon Maple (Field CTO, Snyk) led a panel discussion about developer adoption of application security. The panelists included: Want the TL;DR? Here are some of our favorite takeaways: Read on to dive deeper into these illuminating insights around organizing security teams, setting security goals, empowering developers, improving compliance, and much more.
Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or random malicious package. This article shares the findings of targeted attacks aimed at businesses and corporations that Snyk was able to detect and share the insights.
Like any company that uses web apps or enterprise software built with Java, San Francisco-based LiveRamp was concerned that it had been infected by the Log4Shell zero-day vulnerability within Log4j — the popular open source logging library.
Security is a critical, if somewhat overwhelming, task for any organization. As products grow and teams expand, the challenge of maintaining a security posture at scale increases as well. This is where automation comes in. The ability to automate security tasks offers obvious benefits such as increased speed, while also driving deeper shifts in a company’s culture and processes.
