Learn who needs open source audits, why you might need one, who and what is involved, and how an open source audit can help you in an M&A. If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source.
Where do open source dependencies go to die, and why do they come to an end? What happened to the npm faker module? Can it happen again? Join me to learn how open source software libraries rise to glory and how they reach their end of life. I’ll also include some takeaways for developers and ops engineers.
Open source libraries and frameworks are a great way to jump-start development projects. Open source empowers developers to do some great things without reinventing the wheel and developing solutions for problems that have already been solved. However, adding any code to a project carries an inherent risk of introducing potential vulnerabilities that may have made their way into it through error or malice.
We are excited and proud to announce the release of Am I Exploitable? (MI-X), a tool that allows researchers and developers to know if their containers and hosts are impacted by specific, high-profile vulnerabilities. MI-X, developed by Rezilion’s vulnerability research team, made its debut this week at Black Hat Arsenal, and is now officially available as an open-source project.
Today, open source software provides the foundation for the vast majority of applications across all industries, and software development has slowly moved toward software assembling. Because of this change in the way we deliver the software, new attack surfaces have evolved and software security is facing new challenges inherent with dependency on open source software.
Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.
Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.
