Why Drupalgeddon 2.0 May Still Be A Threat To Your Website

Some vulnerabilities in open source components just never seem to go away, even long after a fix has been issued. Dubbed “Drupalgeddon 2.0”, the vulnerability in the popular content management system (CMS) Drupal continues to leave many of its users exposed, despite having been reported back in March. A report ...
CVSS v3 Is Still Missing The Target For Prioritization

The Common Vulnerability Scoring System (CVSS) is the leading standard when it comes to rating the severity of vulnerabilities facing software components. Organized by the Forum of Incident and Response Teams (FIRST), CVSS is aimed at providing the community of security professionals with a standard upon which they can understand ...
Known Open Source Vulnerabilities In Reusable Software Components: The Golden Goose For Hackers That Keeps On Giving

Hackers love a good puzzle. Hacker culture is rooted in finding ways to improve on code, and unravel challenges with innovative workarounds or alterations. However, when it comes to the business of hacking a target, cyber criminals are all about finding the path of least resistance. As entrance points like ...
Introducing the 3rd Generation of Software Composition Analysis

Software Composition Analysis tools were created to help companies take control of their open source usage, gaining actionable insights based on real visibility over the open source components in their inventory and products. Whereas the 1st generation offered legal teams a level of assurance that they were not using ...
How does GDPR impact open source security expectations?

Your inbox is probably jammed full of emails talking about GDPR, the European Union’s comprehensive data privacy regulation regime that is set to come into effect on May 25. The driving force behind GDPR is to formalize data protections across the European Union, giving citizens better control over how their ...