SAST vs. SCA: It’s Like Comparing Apples to Oranges

Everybody’s talking about securing the DevOps pipeline and shifting left security. AppSec tools like SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and others that address issues in proprietary software have become staples of the developer’s security toolbox. Unfortunately, SCA (Software Composition Analysis) tools are often left out ...
Everything You Wanted to Know About Open Source Attribution Reports

Open source components are a major part of the software products that we create and use. Along with the many advantages that using open source projects brings to software development organizations, it also comes with obligations and added responsibilities. One of these requirements is open source licensing compliance. This is ...
Is One Programming Language More Secure Than The Rest?

Want to liven up an open space full of software developers? Ask them what the best programming language is, and why. I think we all know that there is a high chance that lively debate will end with tears, rage, and broken friendships. Coders tend to take their programming languages ...
Open Source Licenses Explained

Every once in a while, community uproar over contentious open source licensing in a popular product will grab headlines, causing all of us to debate what open source licenses are really about. Last year it was the Apache Foundation’s ban of components with Facebook React’s contentious patent clause which caused ...
Top 10 Open Source Licenses in 2018: Trends and Predictions

In the last months of 2018, open source licenses took center stage when Redis Labs and MongoDB made changes to the open source licenses of some of the most beloved open source databases around, causing quite a stir in the community and across the software industry. A lot of the ...
3 DevOps Security Challenges & How to Overcome Them

Software organizations are under tremendous pressure to deliver innovative products and ship updates fast. To keep up with the competitive and ever-rapid release schedule, many software teams are adopting the DevOps model for its increased efficiency and agility. Companies that are required to innovate and stick to tight release timelines ...
Top 5 New Open Source Security Vulnerabilities in October 2018

October has come and gone, and it’s time to clear away the ooky spooky Halloween cobwebs and take a look at the new open source security vulnerabilities that plagued us this past month. As usual, our hard-working research team has been sorting through the WhiteSource database to bring you October’s ...

Learn From the Best: Vulnerability Management Best Practices from the Best in the Business

According to Skybox Security’s mid-year 2018 Report on Vulnerability and Threat Trends, 2018 is on track to exceed the record-breaking published vulnerability rates of 2017. Combined with the headline-grabbing breaches and attacks of the past few years, vulnerability management has become a top concern for software organizations. While vulnerability management ...
Top 5 New Open Source Security Vulnerabilities in September 2018

September is officially the start of autumn, and we are here to celebrate the end of summer with our list of top 5 new open source vulnerabilities in September. This past month’s Top 5 might surprise you, as it includes vulnerabilities that have actually been around for quite a while ...
How to Make Your Vulnerability Management Metrics Count

Everyone in a software development organization, from the head honchos to the last member of the security and dev teams, is investing more and more resources in their vulnerability management programs. According to Gartner’s forecast for 2018, this is the year enterprise security spending will break records, rising 8% compared ...