Open Source

Snyk in 30: Open source security for Atlassian Bitbucket Cloud

Dec 15, 2022 By Marco Morales In Snyk

In our latest Snyk in 30, Jason Lane (Director of Product Marketing) and I (Marco Morales, Partner Solutions Architect) showcased Snyk Open Source with a focus on our integration with Bitbucket Cloud. They covered why open source security is vital for modern app development, along with tips on taking a holistic approach to application security that goes beyond just shifting left.

Read Post

Snyk

Read more about Snyk in 30: Open source security for Atlassian Bitbucket Cloud

Rezilion Unveils New Updates to MI-X, An Open Source Tool That Determines Vulnerability Risk, at Black Hat Europe

Dec 7, 2022 By Rezilion In Rezilion

Rezilion announces updates to MI-X, its highly-rated open-source tool developed by Rezilion's vulnerability research team. The tool will be featured this week at Black Hat Arsenal during Black Hat Europe and features several new updates to give teams vital information about the exploitability of known critical CVEs in their environment. Available as a download from the G

Read Post

Rezilion

Read more about Rezilion Unveils New Updates to MI-X, An Open Source Tool That Determines Vulnerability Risk, at Black Hat Europe

What We've Learned About Reducing Open-source Risk Since Log4j

Dec 7, 2022 By Natalie Tischler In Veracode

I share a birthday with the Log4j event. However, unlike this event, I’ve been around for more than one year. On December 9th, 2021, a Tweet exposed a zero-day vulnerability in Log4j, a widely-used piece of open-source software. The announcement made headlines everywhere, and cybersecurity was suddenly put in the spotlight. It was a wake-up call for many because, in an instant, software that had been considered secure was suddenly at tremendous risk.

Read Post

Veracode

Read more about What We've Learned About Reducing Open-source Risk Since Log4j

Discovered new BYOF technique to cryptomining with PRoot

Dec 5, 2022 By Biagio Dipalma In Sysdig

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

Read Post

Sysdig

Read more about Discovered new BYOF technique to cryptomining with PRoot

Shift-Left Testing and Its Benefits

Nov 30, 2022 By Patricia Johnson In Mend

Testing practices have been shifting left in the software development process due to the growing challenge of developing and delivering high-quality, secure software at today’s competitive pace. Agile methodologies and the DevOps approach were created to address these needs. In this post, we’ll map out the basics of shift-left practices in the DevOps pipeline and discuss how to shift left your open source security and compliance testing. Contents hide 1 What does shift left mean?

Read Post

Mend

Read more about Shift-Left Testing and Its Benefits

Adventures in Open Source: A conversation about the journey and lessons learned

Nov 29, 2022 By LimaCharlie In LimaCharlie

Open source as a philosophy was born alongside the Internet at a time when the world was much more optimistic. The naysayers said it couldn’t be done, that it wasn’t secure, and that it was just a matter of time before all these projects failed. Fast forward 30-40 years and the open source ecosystem is thriving. Linux runs on the top 500 super computers in the world, almost 95% of the world’s servers, and 85% of all smart phones.

View Video

LimaCharlie

Read more about Adventures in Open Source: A conversation about the journey and lessons learned

Custom and variant licenses: What's in the fine print?

Nov 25, 2022 By Phil Odence In Synopsys

See examples of custom and variant licenses and how Black Duck Audits flag these licenses to help legal teams evaluate software risk. An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code.

Read Post

Synopsys

Read more about Custom and variant licenses: What's in the fine print?

Beyond NVD data: Using Black Duck Security Advisories for version accuracy

Nov 22, 2022 By Lauren Fearon In Synopsys

Black Duck Security Advisories provide more-accurate information on vulnerable software version ranges to help customers get more out of NVD data.

Read Post

Synopsys

Read more about Beyond NVD data: Using Black Duck Security Advisories for version accuracy

Project Pyrsia: Securing the OSS Supply Chain

Nov 22, 2022 By JFrog In JFrog

In this video, learn the mission of Project Pyrsia, how it aids in securing the #softwaresupplychain and why it matters—from project partners at JFrog, DeployHub, and Oracle!

View Video

JFrog

Read more about Project Pyrsia: Securing the OSS Supply Chain

The top three differences between an open source audit and an open source scan

Nov 11, 2022 By Umer Palla In Synopsys

Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization.

Read Post