I’m excited to announce the acquisition of FossID, extending Snyk’s developer-first security capabilities with deeper C/C++ support and enhanced license compliance! Snyk’s vision has always been to empower developers to secure their applications, enabling the speed and scale required by technology-driven companies.
There are several advantages to consuming software as a service (SaaS). For starters, it allows companies of any size to leverage enterprise-grade software (CRM, service desk, security, etc.) in a pay-as-you-go model to avoid spending large sums of money on shelfware that may never get put to use. SaaS also offers customers the ability to scale or change the usage of their software with little to no advance notice, and makes them more agile in delivering products to market.
For years now, modern organizations have enjoyed a seamless procurement experience when purchasing software products through AWS Marketplace. AWS has made it possible for customers to purchase third-party software using their allocated AWS budget while still being able to negotiate custom pricing and legal terms directly with their favorite vendors.
Last summer, we announced our plan to expand our partnership with Trend Micro to provide security operations teams visibility and tracking of vulnerabilities and license risks in open source components. The long-standing partnership already includes container image security scanning that leverages Snyk’s proprietary vulnerability database.
SuiteCRM is a free and open source Customer Relationship Management application for servers. This advisory details a PHAR deserialization vulnerability that exists in SuiteCRM which could be leveraged by an authenticated administrator to execute commands on the underlying operating system. This issue has been fixed in release 7.11.19. In PHP, PHAR (PHP Archive) files can be used to package PHP applications and PHP libraries into one archive file.
Snyk’s mission is to empower developers and DevOps teams to secure their applications. As part of that security mission, Snyk offers a Free plan for Snyk Open Source, Snyk Container, and Snyk Infrastructure as Code, so all developers can code securely. Today, we’re excited to announce that Snyk Code is now available for free as well.
Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages which matched a specific malicious code vector of attack. This specific attack vector of the malicious packages included packages which had pre/post install scripts, which allowed them to run arbitrary commands when installed.
