CVE-2020-35774: twitter-server XSS Vulnerability Discovered

CVE-2020-35774: twitter-server XSS Vulnerability Discovered

According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative ...
Securing the Software Supply Chain Goes Beyond Application Development

Securing the Software Supply Chain Goes Beyond Application Development

In July 2017, one of the biggest data breaches was due to an insecure and out of date web application platform. This breach would have been prevented if the Apache Struts platform ...
Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can ...
What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

The BSIMM is an annual study of the real-world software security initiatives – “SSIs” in the report - across the software industry drawing from data and experience from 130 organizations. Rather than ...

Considering Nexus Auditor? You Should, But Know These Things First

I field a flood of requests every week asking to learn more about Nexus Auditor. I get it. Nexus Auditor, in the right use case, is a solid, cost-effective solution. Is Nexus ...
It’s Time to Update Your Drupal Now!

It’s Time to Update Your Drupal Now!

As part of our ongoing mission to help organizations develop and deploy more secure software and applications, and in light of Checkmarx’s expanded insight into the open source security landscape with its ...
Bringing Your Retail Application Security Strategy Up to Par

Bringing Your Retail Application Security Strategy Up to Par

It’s no secret that retail has been in the midst of a massive digital transformation over the past few years, largely driven by emerging software and technology, as shoppers seek out new ...
The Road to DevSecOps: Addressing the Challenges of Open Source Software

The Road to DevSecOps: Addressing the Challenges of Open Source Software

Although software is significantly changing our work, home, and personal lives, many don’t realize that today’s software is made up of numerous ingredients. Some of the software we use daily contains pieces ...

Octopus Scanner Compromises 26 OSS Projects on GitHub

Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...

Octopus Malware Compromises 26 OSS Projects on GitHub

Updated from original May 29th post. Making a salad for lunch or dinner? What ingredients do you use? Lettuce, carrots, onions, tomatoes, dressing? If you just go by the list of ingredients, ...