According to the 2023 “Open Source Security and Risk Analysis” (OSSRA) report, 96% of commercial code contains open source. In fact, 76% of the code scanned by Black Duck® Audit Services was open source. In other words, no matter what applications your organization builds, uses, or sells, you can be virtually certain that the application contains open source.

CVE-2023-25828 vulnerability; history, mitigation analysis, and everything you need to know about the remote code execution (RCE) vulnerability in Pluck CMS.

Synopsys Cybersecurity Research Center discovers new RCE vulnerability and cross-site scripting vulnerability in OpenTSDB.

Software due diligence is crucial in M&A, but to approach it strategically you must understand its key considerations and risks. Mergers and acquisitions (M&As) can be a great way for companies to expand their offerings and market share. One of the biggest risk areas for M&A in tech deals is software plagued with vulnerabilities or that contains open source license compliance issues.

The previous blog post in this series presented an introduction to secure software development for modern vehicles. In this blog post, we will do a deep dive on connected and autonomous vehicles (AVs) and focus on fuzz testing.

With the continued move to the cloud, cloud detection and response helps security teams defend their cloud applications and infrastructure.

CISA’s draft self-attestation form, published today, is a step in the right direction in demystifying EO 14028 compliance. It’s finally happened. For everyone who has been trying to figure out how to comply with President Biden’s Executive Order on Cybersecurity (EO 14028), you now have the answer—sort of.

Polaris Software Integrity Platform® – your application security testing system that can do both SAST and SCA, fast. Digitalization is speeding up business cycles across all industry sectors, so no matter what business you’re in, you need to keep up.

You should consider the following tips, tricks and best practices to help improve your supply chain security in the cloud. The cloud has revolutionized the way businesses operate, providing a scalable and cost-effective solution for storing, processing, and sharing data. However, with this growth has come new security concerns, particularly around the cloud software supply chain.

Yes, AI chatbots can write code very fast, but you still need human oversight and security testing in your AppSec program. Chatbots are taking the tech world and the rest of the world by storm—for good reason. Artificial intelligence (AI) large language model (LLM) tools can write things in seconds that would take humans hours or days—everything from research papers to poems to press releases, and yes, to computer code in multiple programming languages.