XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

Read about a supply chain attack that involves XZ Utils, a data compressor widely used in Linux systems, and learn how to protect against this threat.

Google Offers Bug Bounties for Generative AI Security Vulnerabilities

Google’s Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.

Top 10 open-source security and operational risks of 2023

Many software companies rely on open-source code but lack consistency in how they measure and handle risks and vulnerabilities associated with open-source software, according to a new report.

What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it?

Microsoft has open-sourced its framework for managing open source in software development.
The post What is Microsoft’s Secure Supply Chain Consumption Framework, and why should I use it? appeared first on TechRepublic.

Announcing Synopsys as an OpenChain Project third-party certifier

Synopsys can measure the maturity of security activities within an open source management framework in compliance with the OpenChain standard and ISO/IEC 5230:2020.

What’s new in the 2021 ‘Open Source Security and Risk Analysis’ report

As the use of open source has grown, so has the number of vulnerabilities. Uncover the latest findings from the 2021 OSSRA report.

Open source license compliance and dependencies: Peeling back the licensing layers

How can you successfully navigate open source license compliance? Start with the right tools to identify your dependencies and calculate their risks.

AppSec Decoded: Why organizations can’t ignore open source security

In this AppSec Decoded interview, we discuss the security and legal risks companies face when open source security vulnerabilities are ignored.

Assessing the state of mobile application security through the lens of COVID-19

Are today’s mobile apps secure or do they offer opportunities for attackers? Learn about the state of mobile application security in our new report.

The 411 on Stack Overflow and open source license compliance

Developer communities like Stack Overflow are a great resource for your open source projects, but proper due diligence is required to manage compliance risks.