Software Composition Analysis Explained

Open source code is everywhere, and it needs to be managed to mitigate security risk. Developers are tasked with creating engaging and reliable applications faster than ever. To achieve this, they rely heavily on open source code to quickly add functionality to their proprietary software. With open source code making ...

Top Tips for Getting Started With a Software Composition Analysis Solution

You’ve purchased a software composition analysis solution, and you’re excited to start scanning. Before you do, read our top tips for getting started with WhiteSource. Following some basic guidelines ensures your implementation gets off on the right foot. 1. Build a Team: WhiteSource is an organizational initiative, not a one-person ...

Why Manually Tracking Open Source Components Is Futile

Open source is everywhere, and everyone is using it. Open source code is found in almost every proprietary software offering on the market and is estimated to make up, on average, 60%-80% of all software codebases in 2020. Why the proliferation? Open source libraries help developers write code faster to meet ...

Top 7 Questions to Ask When Evaluating a Software Composition Analysis Solution

Your open source usage is out of control. Sure, it’s helping you develop your product faster and get new releases out the door in days instead of months, but now your code base is made up of 60% or more open source components, and that percentage is only growing. The ...

Our Favorite Web Vulnerability Scanners

Web Vulnerability Scanners Defined: Web vulnerability scanners crawl through the pages of web applications to detect security vulnerabilities, malware, and logical flaws. They do this by sending malicious inputs to the running application and evaluating its responses. Often referred to as dynamic application security testing (DAST), web vulnerability scanners are a type of ...

Why You Need an Open Source Vulnerability Scanner

No one wants to be the next Equifax. Just thinking about their company’s name appearing in a headline alongside the words “security breach” is enough to keep CISOs up at night. Much like Fight Club, however, the first rule of data breaches is: you do not talk about security ...

Dynamic Application Security Testing: DAST Basics

Application security testing (AST), the category of tools that automate the testing, analysis, and reporting of security vulnerabilities, is an indispensable part of software development. In a modern DevOps framework where security is shifted left, AST should be considered compulsory. And this has never been more important than when you ...

Interactive Application Security Testing: IAST Basics

Because application and software vulnerabilities are the most common external point of attack, securing applications is a top priority for most organizations. An essential component of reducing this risk is application security testing (AST). In this blog, we focus on interactive application security testing (IAST), the relative newcomer in the ...

When’s the Right Time for an Open Source Audit?

How much do you really know about your open source usage? Can you identify which open source components you’re using? How about which licenses are in play and whether you’re compliant? Do you have a good sense of how many open source security vulnerabilities are in your code base and ...

Software Development Life Cycle: Finding a Model That Works

Waterfall. Agile. Scrum. Kanban. Lean. These terms are often thrown around when talking about the software development life cycle (SDLC), but what do they mean, and how do they relate to each other? In this blog, we’ll take a look at the evolution of the software development life cycle and ...