OSS
Anchore and Bitnami: Bridging the Data Gap for Accurate Image Scanning
The post Anchore and Bitnami: Bridging the Data Gap for Accurate Image Scanning appeared first on Anchore. Here’s a scenario: You do the right thing; you choose a minimal, hardened base image (like ...
Tech Debt and Reliance on Open-Source Security
Open-source software is the cornerstone of most IT platforms and infrastructure. This reliance extends beyond major applications; most software worldwide relies, in part, on even the smallest OSS library that solves a ...
Cybersecurity Insights with Contrast CISO David Lindner | 8/16/24
Insight #1: A recent study found that chief information security officers (CISOs) are significantly more anxious about the growing complexity of cybersecurity than their chief information officer (CIO) and chief technology officer ...
Synopsys Report Exposes Extent of Open Source Software Security Risks
Synopsys found 74% of 1,067 commercial codebases scanned contain open source components impacted by high-risk vulnerabilities ...
Has the Altruism Model of Open Source Security Peaked?
With an executive order, the Biden administration attempted to address concerns around open source software’s security. In Section 4 of Executive Order 14028, Improving the Nation’s Cybersecurity, open source and the software ...
Top 10 Open Source Software Risks of 2023
Software supply chain issues continue to be a concerning subject of late. Open source software (OSS) has many benefits, yet relying on many open source dependencies could cause security woes if it ...
Open source brings security risk, but SCA & RASP can help
For a deep dive on the security risks of OSS, listen to Contrast CPO Steve Wilson’s conversation with Secure Talk. How secure is your online banking app? Don’t know? Join the club. ...
Three Reasons Why Contrast SCA Is Best Suited for Log4Shell Rapid Response
With Log4j being such a ubiquitous library embedded in tens of millions of applications across the Java ecosystem, it’s fairly easy to understand why the Log4Shell CVE is being treated as a DEFCON ...
Google Shares Format for Open Source Vulnerability Data
Google, in collaboration with several open source communities, today unveiled a schema for describing vulnerabilities in open source software that will make it easier for developers to track security issues that ...
Open Source: The Positives, the Risks and the Future
In a world that is constantly evaluating costs, it is little wonder that there is an increasing demand for cost-effective solutions to business problems. In the real world, this means ‘free,’ and ...

