Almost every day, there is a new tactic or technique discovered that hackers can use to disrupt a company’s systems, obtain critical data and information or steal money. Often attackers look to exploit vulnerabilities in code to carry out their attacks. Ironically, it’s usually a small piece of code that helps a business perform very […]
Massive Number of Transitive Dependencies Traced to Open Source Code
An analysis of nearly 2,000 software packages published by Endor Labs found 95% of all application vulnerabilities can be traced back to a transitive dependency created when a developer used an open source component. The study, conducted by the Station 9 research arm of Endor Labs, a provider of a platform for identifying software dependencies, […]
Rust Momentum Intensifies | Elon Says No WFH
In this week’s The Long View: People won’t shut up about Rustlang, and Musk mandates Twitter teams return to the office.
A Security Vulnerability Management Guide
Living in a container-native world is not easy. Containers have a reputation for being a point of entry for security vulnerabilities for many organizations. In 2015, according to a research paper, over 40% of Docker images distributed through Docker Hub had high-risk vulnerabilities; at that time there were more than 95,000 container images hosted on […]
Survey Sees Long DevSecOps Ahead
A survey of 250 developers working at leading technology companies paints a bleak picture of the current state of application security with 85% admitting applications on average have 10 or more vulnerabilities, with nearly half saying they have on average more than 20 per application. Conducted by Contrast Security, a provider of an observability platform […]
GrammaTech Discovers Vulnerabilities in Third-Party Code
GrammaTech today launched CodeSentry, a software composition analysis (SCA) tool for binaries that inventories third-party code used in custom applications and identifies known vulnerabilities. Vince Arneja, chief product officer for GrammaTech, said the bulk of custom applications today are made up of binaries based on components developed by third parties that come in the form of […]
Strengthen API Security With These Tips and Patterns
If you haven’t noticed, digital organizations are building more and more APIs. ProgrammableWeb tracks more than 23,000 public web APIs at the time of writing, and the API market is estimated to be worth $5.1 billion by 2023. Building with APIs increases internal interoperability, reduces development time and can extend product functionality tremendously. In short, […]
Why We Need a Software Bill of Materials Industry Standard
The SBOM concept is part of an industry-led, multi-stakeholder process to improve software component transparency. Have you ever gotten a recall notice for the vehicle you drive? Perhaps your car or truck was part of the big recall on airbags a few years ago. It’s standard procedure for auto manufacturers to notify owners of […]
Snyk Tool Prioritizes Open Source Vulnerabilities
Snyk today announced it has enhanced the ability of its namesake vulnerability scanning tool by adding the ability to identify which open source vulnerabilities should be fixed first using a scoring tool that leverages data science and machine learning algorithms to analyze code. In addition, DevOps teams can now take advantage of automated pull requests […]
Puppet Aims to Automate Vulnerability Remediation
Puppet today unveiled Puppet Remediate software, which makes it easier to prioritize and remediate software vulnerabilities automatically. Matt Waxman, vice president of products for Puppet, said Puppet Remediate builds on existing automation capabilities in the Puppet platform to make it easier for DevOps teams to focus on addressing vulnerabilities. Most existing approaches to addressing vulnerabilities […]