Open source security: The risk issue is unpatched software, not open source use

Many of the trends in open source use that have presented risk management challenges to organizations in previous years persist today. However, new data also suggest that an inflection point has been reached, with many organizations improving their abi…

The percentage of open source code in proprietary apps is rising

The number of open source components in the codebase of proprietary applications keeps rising, and with it the risk of those applications being compromised by attackers exploiting known vulnerabilities in those components, a recent report has shown. Compiled after examining the …

Preventing good containers from going bad

Containers go bad every day, and often without warning. All it takes is one CVE affecting an image, and every container deployed from that image is now at increased risk of compromise. As the use of containers becomes a standard practice, e…
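The point above is that the blast radius of one image CVE is every running container built from that image, which is only knowable if deployments can be tied back to image digests. The following is an added example (not code from the original post) that parses image references as written in deployment specs, resolves floating tags against a registry snapshot, and lists which containers are affected, which are clean, and which cannot be resolved at all (an unpinned `latest` nobody has recorded a digest for). The registry snapshot, advisory digest list and container inventory are all constructed for illustration.

```python
"""Correlate one vulnerable image build with every container deployed from it.

Added example, not part of the original post. REGISTRY, VULNERABLE_DIGESTS and
INVENTORY are constructed sample data, not real images or a real advisory.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# repo[:tag][@sha256:<64 hex>]; the repo may carry a registry host with a port,
# which is why a ':' is not enough on its own to mark the start of the tag.
_REF_RE = re.compile(
    r"^(?P<repo>[^@:]+(?::\d+/[^@:]+)?)"
    r"(?::(?P<tag>[^@]+))?"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?$"
)


@dataclass(frozen=True)
class ImageRef:
    repo: str
    tag: Optional[str]
    digest: Optional[str]


def parse_ref(ref: str) -> ImageRef:
    """Split an image reference into repo, tag and pinned digest (if any)."""
    m = _REF_RE.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref!r}")
    return ImageRef(m["repo"], m["tag"], m["digest"])


@dataclass(frozen=True)
class Container:
    name: str
    namespace: str
    image: str  # reference exactly as written in the deployment spec


# Constructed registry snapshot: (repo, tag) -> digest the tag pointed at when triage ran.
REGISTRY: Dict[tuple, str] = {
    ("nginx", "1.24"): "sha256:" + "a" * 64,
    ("nginx", "1.25"): "sha256:" + "b" * 64,
    ("registry.example.com:5000/team/api", "2.3"): "sha256:" + "c" * 64,
}

# Constructed advisory: digests of the image builds that carry the CVE.
VULNERABLE_DIGESTS = {"sha256:" + "a" * 64, "sha256:" + "c" * 64}

# Constructed inventory of running containers.
INVENTORY: List[Container] = [
    Container("web-1", "prod", "nginx:1.24"),                 # floating tag, resolves to vulnerable build
    Container("web-2", "prod", "nginx@sha256:" + "a" * 64),   # pinned directly to the vulnerable digest
    Container("web-3", "staging", "nginx:1.25"),              # fixed build
    Container("api-1", "prod", "registry.example.com:5000/team/api:2.3"),
    Container("batch-1", "ops", "internal/batch"),            # no tag: implicit 'latest', not in snapshot
]


def resolve_digest(ref: ImageRef, registry: Dict[tuple, str] = REGISTRY) -> Optional[str]:
    """A pinned digest is authoritative; otherwise look the tag (default 'latest') up in the snapshot."""
    if ref.digest:
        return ref.digest
    return registry.get((ref.repo, ref.tag or "latest"))


def triage(inventory: Iterable[Container], vulnerable=VULNERABLE_DIGESTS,
           registry: Dict[tuple, str] = REGISTRY) -> Dict[str, str]:
    """Map each container name to 'affected', 'clean' or 'unresolved'."""
    result: Dict[str, str] = {}
    for c in inventory:
        digest = resolve_digest(parse_ref(c.image), registry)
        if digest is None:
            result[c.name] = "unresolved"  # cannot prove it clean; treat as work to do
        elif digest in vulnerable:
            result[c.name] = "affected"
        else:
            result[c.name] = "clean"
    return result


def blast_radius(inventory: List[Container], vulnerable=VULNERABLE_DIGESTS,
                 registry: Dict[tuple, str] = REGISTRY) -> Dict[str, List[str]]:
    """Affected containers grouped by namespace, so each owning team can be notified."""
    status = triage(inventory, vulnerable, registry)
    grouped: Dict[str, List[str]] = defaultdict(list)
    for c in inventory:
        if status[c.name] == "affected":
            grouped[c.namespace].append(c.name)
    return dict(grouped)


if __name__ == "__main__":
    for name, state in triage(INVENTORY).items():
        print(f"{name:8s} {state}")
    print("blast radius:", blast_radius(INVENTORY))
```

The "unresolved" bucket is the one to watch: a container started from a mutable tag with no recorded digest may have been rebuilt from the vulnerable base at any time, and it cannot be declared clean without pulling the digest from the runtime or the registry.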

Organizations are not effectively dealing with open source security threats

Black Duck conducts hundreds of open source code audits annually, primarily related to merger and acquisition transactions. Its Center for Open Source Research & Innovation (COSRI) analyzed 1,071 applications audited during 2016 and found both high levels of open source usage (96% of the apps contained open source) and significant exposure to open source security vulnerabilities (more than 60% of the apps contained open source components with known vulnerabilities). Notably, audit results of applications …