
Latest Posts

Aikido joins the AWS Partner Network

If you missed it, over the summer months we launched our product on the AWS Marketplace with the promise to deliver the fastest “time-to-security” in the industry for new AWS users. We’ve also officially joined the AWS Partner Network (APN) as a validated AWS partner. This means we went through the AWS Foundational Technical Review (FTR). We are FTR-approved* and meet the well-architected best practices enforced by AWS, not to brag. ;) Psst.

Path Traversal in 2024 - The year unpacked

Path traversal, also known as directory traversal, occurs when a malicious user manipulates user-supplied data to gain unauthorized access to files and directories. Typically, the attacker will be trying to access logs and credentials that live in other directories. Path traversal is not a new vulnerability: it has been actively exploited since the 90s, when web servers gained popularity and many of them relied on Common Gateway Interface (CGI) scripts to execute dynamic server-side content.

Command injection in 2024 unpacked

Command injection is a vulnerability that is still very prevalent in web applications, despite being less famous than its cousins, SQL injection and code injection. If you’re familiar with other injection vulnerabilities, you’ll recognize the common principle: untrusted user input is not properly validated, leading to the execution of arbitrary system commands. This flaw occurs when unvalidated input is passed to system-level functions. So how prominent is command injection actually?

Balancing Security: When to Leverage Open-Source Tools vs. Commercial Tools

When deciding what approach to use for security tooling, it seems like there are two choices. Like everything in security, there is more to unpack in reality. In this article I want to explore when open-source security tools should be used, when commercial tools are more effective, and if we can trust tools built from an open-source core.

The State of SQL Injection

SQL injection (SQLi) has a history that is older than Internet Explorer (which according to Gen Z was the start of civilization). There have been thousands of breaches caused by SQL injection and an endless amount of well-documented best practices and tools to help prevent it. So surely, surely we learned our lesson from these breaches and SQLi is no longer an issue.

Visma's Security Boost with Aikido: A Conversation with Nikolai Brogaard

"Aikido helps us catch the blind spots in our security that we couldn’t fully address with our existing tools. It’s been a game-changer for us beyond just the SCA (Software Composition Analysis) solutions we originally brought them in for." A little while ago, we shared that Visma chose Aikido Security for its portfolio companies. Recently, we had the pleasure of having Nicolai Brogaard, Service Owner of SAST & SCA over in our Belgian headquarters.

Security in FinTech: Q&A with Dan Kindler, co-founder & CTO of Bound

Hi, I’m Dan Kindler and I’m the CTO and co-founder of Bound. We focus on making currency conversion and hedging cheap, fair, and most of all, easy. Our platforms help hundreds of businesses protect themselves from currency risk across the world. Currently, about half of our team is composed of engineers.