Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Open Source

GitHub "besieged" by malware repositories and repo confusion: Why you'll be ok

As open source software development continues to evolve, so does its susceptibility to cybersecurity threats. One such instance is the recent discovery of malware repositories on GitHub. In this cybersecurity attack, threat actors managed to upload malicious code onto GitHub, a platform that hosts millions of code repositories and is used by developers worldwide.

2024 OSSRA Report: Dead code risk in open source components

Highlighting the critical need for improved maintenance practices among users of open source software, the new 2024 “Open Source Security and Risk Analysis” (OSSRA) report catalogs security concerns caused by the significant lag many organizations have in keeping the open source components they use up-to-date.

Synopsys and GenAI

There is enormous attention on generative AI (GenAI) and its potential to change software development. While the full impact of GenAI is yet to be known, organizations are eagerly vetting the technology and separating the hype from the real, pragmatic benefits. In parallel, software security professionals are closely watching the practical impact of GenAI and how application security testing (AST) must adapt as adoption increases.

VMware vs KVM: A 5-Point Analysis

Following the boat-rocking acquisition acquisition of VMware by Broadcom at the end of 2023, uncertainty and skepticism has been looming among VMware customers as the changes were fast and drastic, impacting everyone in one way or another. While VMware still remains the virtualization leader and isn’t going anywhere (especially for large customers), a number of smaller organizations have been poking around to find whether realistic alternatives exist.

The 2024 Open Source Security and Risk Analysis (OSSRA) Report | Synopsys

Open source is in everything, everywhere, all at once. Get an in-depth look at the current state of open source security with the ninth edition of the “Open Source Security and Risk Analysis”(OSSRA) report. Do you know what's in your code?

A Comprehensive Guide to Open-Source Security

Open source security is a term used to describe the process of protecting your organization’s data and network from attack by using open-source software. It refers to the use of open-source software (OSS) for data protection. Open source software is free to use, meaning that anyone can access it without paying fees. This allows organizations to take advantage of the collective knowledge and experience of thousands of people who have contributed code or worked on projects together.

Automated SCM project scanning with Black Duck SCA | Synopsys

Black Duck’s automated project onboarding meets teams where they already are and enables them to quickly onboard and scan multiple projects in a single step. This means no manual scanning needed, and no interfacing with builds or pipeline – these scans are mapped and executed entirely within Black Duck. In this video, we'll demonstrate how to.