The recent Log4j/Log4Shell vulnerability was a wake-up call that threats aren’t going to wait until the industry gets up to speed on software supply chain security. While the Log4j open source component vulnerability caught us all off guard, it did highlight the need for software vendors to be more proactive in disclosing the composition of […]
Securing Software with Intelligent Pipelines
One of the biggest cybersecurity risks involves vulnerabilities in the application layer. After all, the best firewall is useless if the web application itself is vulnerable. Many companies have worked to mitigate these risks by investing in their AppSec programs. According to a recent whitepaper written by ESG (commissioned by Synopsys), 71% of companies surveyed now use […]
Bridging the AppSec and DevOps Disconnect
Research estimates that cybercrime is going to cost the world $10.5 trillion annually by 2025, so it is no surprise that cybersecurity has become a top priority for business leaders. Today, security teams are striving to harden their systems against cyberattacks and improve their resilience through more employee security training, incident response programs and the […]
Google Unveils Tool to Better Secure GitHub Repos
Google today launched a GitHub app that provides automated continuous enforcement of security best practices for GitHub projects. Kim Lewandowski, a product manager for open source software security at Google, said the Allstar application enables IT teams to assess any project on GitHub to check for security policy adherence. In addition, Allstar sets desired enforcement […]
12 Ways to Bake Security Into a DevOps Transformation
Security has become an integral part of any DevOps transformation. According to the Upskilling 2021: Enterprise DevOps Skills Report, 56% of respondents rated DevSecOps a must-have in the automation tool category. Security not only protects the business and its customers, but it enables companies to enforce internal and external policies. While considering how to […]
WhiteSource Tool Automatically Fixes Code Vulnerabilities
WhiteSource today announced that it has developed the first-ever tool that automatically remediates vulnerabilities discovered in custom code. Rami Sass, WhiteSource CEO, said WhiteSource Cure surfaces recommendations for fixing security vulnerabilities in code that developers can then apply with a click of a button. WhiteSource has a long history of providing tools that discover vulnerabilities […]
Yes, You Do Need SCA
We often go to restaurants and treat ourselves to unfamiliar and exotic foods made with ingredients we’re only vaguely aware of. A chef and their team (or a manager and their crew) are our assurance that what’s in there isn’t deadly. Most of the time, that works out just fine; but, very rarely, we end […]
SAST, DAST, SCA: What’s Best For AppSec Testing?
According to the most recent Verizon Data Breach Investigations Report, almost 90% of data breaches are driven by financial gain, up from 71% in last year’s report. Most noteworthy, however, is that cloud platforms are particularly at risk, with web application attacks increasing by 43%. As more information is stored within cloud infrastructures, and as […]
The Risks and Potential Impacts Associated with Open Source
Open source software (OSS) is built by communities of developers who contribute their knowledge and time to OSS projects they find appealing. That code can then be used by individuals, communities and organizations in their software products—the only obligation they have is to play under the rules of the license with which the OSS project […]
The Challenge of Securing Open Source Applications
As enterprises have increased their reliance on applications over the years, there has been a significant rise in the use of reusable software components such as third-party libraries and open source code. This makes perfect sense, as this development method makes it possible to add value to applications and other software offerings quickly and easily. […]