Mend

Fixing the Log4j Vulnerability with WhiteSource

Dec 27, 2021 By Rhys Arkins In Mend

The announcement of Log4j vulnerability cve-2021-44228 sent security and development teams into a tailspin and highlights the one of biggest challenges of open source security: dependency management. The open source libraries that make up up to 80% of our applications are often a tangled web of dependencies.

Read Post

Mend

Read more about Fixing the Log4j Vulnerability with WhiteSource

Log4Shell or LogThemAll: Log4Shell in Ruby Applications

Dec 23, 2021 By Hagai Wechsler In Mend

The notorious Log4Shell vulnerability CVE-2021-45046, has put Log4j in the spotlight, and grabbed the entire Java community’s attention over the last couple of weeks. Maintainers of Java projects that use Log4j have most probably addressed the issue. Meanwhile, non-java developers are enjoying relative peace of mind, knowing that they are unaffected by one of the major vulnerabilities found in recent years. Unfortunately, this is an incorrect assumption.

Read Post

Mend

Read more about Log4Shell or LogThemAll: Log4Shell in Ruby Applications

Log4j Vulnerability CVE-2021-45105: What You Need to Know

Dec 19, 2021 By Hagai Wechsler In Mend

A third Log4j2 vulnerability was disclosed the night between Dec 17 and 18 by the Apache security team, and was given the ID of CVE-2021-45105. According to the security advisory, 2.16.0, which fixed the two previous vulnerabilities, is susceptible to a DoS attack caused by a Stack-Overflow in Context Lookups in the configuration file’s layout patterns. What is this CVE about? What can you do to fix it? How does it differ from the previous CVEs?

Read Post

Mend

Read more about Log4j Vulnerability CVE-2021-45105: What You Need to Know

Log4j Vulnerability CVE-2021-45046 Explained

Dec 16, 2021 By Hagai Wechsler In Mend

As security and development teams rushed to assess the now-notorious Log4Shell vulnerability published December 10 (CVE-2021-44228), another, more minor vulnerability was discovered in Log4j — CVE-2021-45046. To understand the newly-discovered vulnerability, it is important to get the full picture and background on the original Log4j issue.

Read Post

Mend

Read more about Log4j Vulnerability CVE-2021-45046 Explained

How to Create a SPDX SBOM Using WhiteSource

Dec 14, 2021 By Mend In Mend

In this short video, we will demonstrate how to create an NTIA compliant Software Bill of Materials for applications that have been scanned using WhiteSource.

View Video

Mend

Read more about How to Create a SPDX SBOM Using WhiteSource

New Log4j Vulnerability CVE-2021-44228: Info and Remediation

Dec 12, 2021 By Daniel Elkabes In Mend

A newly published critical vulnerability in Apache’s widely popular Log4j Java library, CVE-2021-44228 (CVSS score 10) was published over the weekend, causing a lot of concern.

Read Post

Mend

Read more about New Log4j Vulnerability CVE-2021-44228: Info and Remediation

Azure DevOps Repository Integration

Dec 11, 2021 By Mend In Mend

Are you using Azure DevOps Repositories? WhiteSource can integrate with your source control and quickly detect open source artifacts and their known vulnerabilities and licensing risks. WhiteSource also provides all the information you need to fix these artifacts automatically.

View Video

Mend

Read more about Azure DevOps Repository Integration

How to Make Your Vulnerability Management Metrics Count

Dec 9, 2021 By Patricia Johnson In Mend

Software development organizations are investing more and more resources in their vulnerability management programs. According to Gartner’s forecast, in 2021 enterprise security spending was expected to break records and grow 12.4% to reach 150.4 billion. But how do organizations know if they’re spending their security resources wisely? The answer can only be found by crunching the numbers.

Read Post

Mend

Read more about How to Make Your Vulnerability Management Metrics Count

Unified Agent - Local Scanning

Dec 4, 2021 By Mend In Mend

This is the first video in a series describing how the WhiteSource Unified agent can be used to detect open source artifacts and their known vulnerabilities and licensing risks. This video will focus on performing a scan on a user's local desktop.

View Video

Mend

Read more about Unified Agent - Local Scanning

Unified Agent - CI-CD Scanning | Azure DevOps

Dec 4, 2021 By Mend In Mend

This is the second video in a series describing how the WhiteSource Unified agent can be used to detect open source artifacts and their known vulnerabilities and licensing risks. This video will focus on performing a scan within a CI-CD pipeline such as Azure DevOps.

View Video

Mend

Read more about Unified Agent - CI-CD Scanning | Azure DevOps

Subscribe to Mend

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mend

Fixing the Log4j Vulnerability with WhiteSource

Log4Shell or LogThemAll: Log4Shell in Ruby Applications

Log4j Vulnerability CVE-2021-45105: What You Need to Know

Log4j Vulnerability CVE-2021-45046 Explained

How to Create a SPDX SBOM Using WhiteSource

New Log4j Vulnerability CVE-2021-44228: Info and Remediation

Azure DevOps Repository Integration

How to Make Your Vulnerability Management Metrics Count

Unified Agent - Local Scanning

Unified Agent - CI-CD Scanning | Azure DevOps

Monthly Archive

Follow Us