Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Securing Your Package Manager's Lockfiles

Considering our reliance on open source and third party components, it’s nearly impossible to estimate how many open source libraries we’re using, especially with dependency management tools that pull in third party dependencies automatically. Adding to the challenge of keeping track of the open source components that make up our codebase, is the tangled web of transitive dependencies.

The Forrester Wave Software Composition Analysis, Q3 2021: Key Takeaways

The Forrester Wave™ Software Composition Analysis, Q3 2021 report states that open source components made up 75% of all code bases in 2020. This is more than double the 36% in 2015. As organizations increasingly rely on external components to quickly add functionality to their own proprietary solutions, they take on greater risk, especially considering these open source components may contain unmitigated vulnerabilities or violate organizations’ compliance policies.

Industry Experts Weigh In: Addressing Digital Native Security Challenges

Keeping up with today’s rapidly evolving threat landscape is an ongoing journey for software development enterprises in cloud-native environments, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery in cloud native environments. Earlier this summer WhiteSource hosted a roundtable discussion with HackerOne, AWS, and IGT about the new security challenges enterprises face as they shift to a digital native environment.

DevOps vs. Agile: What Is the Difference?

DevOps and Agile are popular modern software development methodologies. According to the 14th Annual State of Agile Report, 95% and 76% of the respondents stated that their organizations had adopted Agile and DevOps development methods, respectively. Interestingly, both approaches have the same aim: deliver the end product as efficiently and quickly as possible.

How to Bridge the Cybersecurity Skills Gap

Application security remains a top concern for organizations, making the need for skilled cybersecurity professionals as urgent as ever. Nearly half of security practitioners in high-performing enterprises who participated in a recent Ponemon Institute research report about reducing enterprise security risks stated that hacks to insecure applications are their organization’s biggest concern.

The Complete Guide to Prototype Pollution Vulnerabilities

Prototype Pollution is one of the less known vulnerabilities in the security community. Researchers started to discuss it as a potential attack vector around 2017, and the first vulnerabilities were found in the wild at the start of 2018. In this article, we’re going to take a deep dive into what Prototype Pollution vulnerabilities are, and how they can be mitigated.

How Packages' External Resources Threaten Your Supply Chain

Many developers already know that in some ecosystems, open source dependencies might run their custom code from packages when they are being installed. While this capability can be used for both good and evil, today we’ll focus on a legit use case that, when misused, can escalate and be used to compromise your organization’s supply chain. If you haven’t guessed yet, I’m talking about downloading and linking external dependencies during the install process.

Cloud Computing Security: A Primer

Gartner forecasts that worldwide public cloud end-user spending will grow 23% to USD 332.3 billion in 2021 as cloud technologies become mainstream. As cloud computing architectures continue to become more prevalent, “cloud native” has become a popular buzzword. But what exactly does “cloud native” mean and what impact does it have on security? How exactly do you secure all these cloud native applications?

Research Shows Over 100,000 Libraries Affected By Maven Vulnerability CVE-2021-26291

By Jonathan Leitschuh; Daniel Elkabes, Senior Security Researcher at WhiteSource; Ofir Keinan, Software Developer at WhiteSource The latest Maven release 3.8.1 contains a fix to security vulnerability CVE-2021-26291. Detected and reported by security researcher Jonathan Leitschuh, the vulnerability affects over 100,000 libraries in Maven Central, according to the WhiteSource security research and knowledge teams.