There is enormous attention on generative AI (GenAI) and its potential to change software development. While the full impact of GenAI is yet to be known, organizations are eagerly vetting the technology and separating the hype from the real, pragmatic benefits. In parallel, software security professionals are closely watching the practical impact of GenAI and how application security testing (AST) must adapt as adoption increases.

Following the boat-rocking acquisition acquisition of VMware by Broadcom at the end of 2023, uncertainty and skepticism has been looming among VMware customers as the changes were fast and drastic, impacting everyone in one way or another. While VMware still remains the virtualization leader and isn’t going anywhere (especially for large customers), a number of smaller organizations have been poking around to find whether realistic alternatives exist.

Now in its ninth edition, the 2024 “Open Source Security and Risk Analysis” (OSSRA) report delivers an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software.

Open source security is a term used to describe the process of protecting your organization’s data and network from attack by using open-source software. It refers to the use of open-source software (OSS) for data protection. Open source software is free to use, meaning that anyone can access it without paying fees. This allows organizations to take advantage of the collective knowledge and experience of thousands of people who have contributed code or worked on projects together.

The software bill of materials (SBOM) is quickly becoming an essential aspect of open source security and compliance. In this post, we'll delve into what SBOMs are, why they're necessary, and their role in open source security.

Picture this: A user on your network casually explores the internet and scrolls through a website’s comment section. However, a lurking threat known as cross-site scripting (XSS) is poised to exploit vulnerabilities and steal their session cookies, which includes sensitive data such as their logon credentials. But how does this nefarious scheme unfold, and what other open-source vulnerabilities could be exploited in the process?

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the renowned open-source web application firewall (WAF) engine, ModSecurity, to the Open Worldwide Application Security Project (OWASP). This landmark move promises to inject fresh energy and perspectives into the project, ensuring its continued evolution as a vital line of defense for countless websites worldwide.

One of the top security concerns we hear from technology leaders is about the security of open source software (OSS) and cloud software development. An open source vulnerability scanner (for scanning OSS) helps you discover risk in the third-party code you use. However, just because a solution scans open source does not mean you are ultimately reducing security risk with it.

Guest post originally published on Kubescape’s blog by Oshrat Nir, Developer Advocate at ARMO and a Kubescape contributer.

In code security, not everything is "shift left." Dynamic testing is as important to help developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.