CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483 are remote code execution vulnerabilities in three popular mouse and keyboard apps.

See examples of custom and variant licenses and how Black Duck Audits flag these licenses to help legal teams evaluate software risk. An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code.

Black Duck Security Advisories provide more-accurate information on vulnerable software version ranges to help customers get more out of NVD data.

CRED, a fintech company and BSIMM member since early 2022, underwent a BSIMM assessment to benchmark their security processes. CRED, launched in 2018, provides financial services and lifestyle features, and has been a member of the BSIMM community since early 2022. CRED provides a wide variety of product offerings from lifestyle to personal finance.

Learn about the key takeaways from the “Software Vulnerability Snapshot” report, which examines security issues uncovered in web and mobile apps.

Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization.

JavaScript, like other programming languages, are not without security challenges. These JavaScript security best practices will help you build more-secure code. JavaScript is one of the most popular programming languages, largely because it’s an easy language for beginners. It’s easy to set up, it has an active and vast community, and users can create web, mobile, and desktop applications using only JavaScript.

Polaris fAST services are fast, powerful, and easy-to-use cloud-based application security testing, optimized for DevSecOps. Fast. These days, it can be hard for us to agree on much of anything. But one thing that seems to unite us all is that when we want something, we want it now. And we need it fast. Fast is definitely top-of-mind for anybody producing software. Delivery schedules are constantly being compressed, so anything that reduces the time for developer tasks is a good thing.

Learn how the gRPC test suite and gRPC wizard enable Defensics customers to create their own test sequences from protocol buffer definitions.

Get remediation guidance on CVE-2022-43945, which contains two vulnerabilities causing buffer handling issues in Linux Kernel NFSD implementation. By: Aleksi Illikainen and Kari Hulkko, Synopsys Cybersecurity Research Center.

GitHub Actions integrates AST capabilities into development workflows and CI/CD pipelines to provide instant, actionable insights into risks. Today, the nature of technology and its accelerated time to market require organizations to extend security practices to development and engineering teams.