Open Source

An Inside Look at How to Keep Open Source Software Dependencies Up-to-Date and Secure

Aug 3, 2022 By Pramod Rana In Netskope

Today, open source software provides the foundation for the vast majority of applications across all industries, and software development has slowly moved toward software assembling. Because of this change in the way we deliver the software, new attack surfaces have evolved and software security is facing new challenges inherent with dependency on open source software.

Read Post

Netskope

Read more about An Inside Look at How to Keep Open Source Software Dependencies Up-to-Date and Secure

Continued leadership in open and transparent security

Aug 3, 2022 By Mark Dufresne In Elastic

Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.

Read Post

Elastic

Read more about Continued leadership in open and transparent security

MI-X | Am I Exploitable

Aug 3, 2022 By Rezilion In Rezilion

Take a deep dive into Rezilion's open source tool, MI-X or Am I Exploitable. Learn what the tool is, what makes it unique, and watch a demo that shows the tool detecting Log4Shell.

View Video

Rezilion

Read more about MI-X | Am I Exploitable

Introducing IaC Security from Black Duck

Jul 29, 2022 By Black Duck Solutions Team In Synopsys

Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.

Read Post

Synopsys

Read more about Introducing IaC Security from Black Duck

Addressing cybersecurity challenges in open source software with the Linux Foundation

Jul 20, 2022 By Mariah Gresham In Snyk

Snyk recently partnered with the Linux Foundation to produce a report focusing on the state of security in the open source software (OSS) space. The report was based on 550+ survey responses and 15 interviews with OSS maintenance and cybersecurity experts. Following the report’s publication, experts from Snyk held a webinar with the Linux Foundation to discuss some of the key insights.

Read Post

Snyk

Read more about Addressing cybersecurity challenges in open source software with the Linux Foundation

Be enterprise-ready: Three reasons not to build enterprise features!

Jul 19, 2022 By Sama - Carlos Samame In BoxyHQ

If you are thinking about building features to be enterprise-ready, there are typically two paths that brought you here: Either way, you need to be aware that selling to enterprises is super exciting, especially if you like to play golf and you are ok with a long sales cycle - it could easily take you up to three years to close a deal. Enterprises can be scared to give startups a chance and startups often lose out to more established businesses.

Read Post

BoxyHQ

Read more about Be enterprise-ready: Three reasons not to build enterprise features!

Top open source licenses and legal risk for developers

Jul 13, 2022 By Synopsys Editorial Team In Synopsys

Learn about the top open source licenses used by developers, including the 20 most popular open source licenses, and their legal risk categories. If you’re a software developer, you probably use open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges?

Read Post

Synopsys

Read more about Top open source licenses and legal risk for developers

The M&A Open Source Risk Number

Jul 8, 2022 By Phil Odence In Synopsys

Find out what our audit services team unearthed in the 2,400+ codebases we reviewed in 2021. Spoiler alert: In 2021, audits found open source in 100% of our customer engagements. Regular readers know that Synopsys recently published the seventh edition of the “Open Source Security and Risk Assessment” (OSSRA) report. We think it provides the best information available about usage of open source in the wild, and the frequency of open source risks.

Read Post

Synopsys

Read more about The M&A Open Source Risk Number

AppSec Decoded: Get the most out of your open source software | Synopsys

Jul 7, 2022 By Synopsys In Synopsys

Watch our latest edition of AppSec Decoded as Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys Software Integrity Group, discuss the value of Black Duck® by Synopsys audit services in the M&A world, and ways to reap the benefits of your open source software without falling victim to the risks.

View Video

Synopsys

Read more about AppSec Decoded: Get the most out of your open source software | Synopsys

Snyk Live : Legal Side of Open Source Use with Yos Pang

Jul 7, 2022 By Snyk In Snyk

Open source use has spread rapidly throughout the world. With many governments, businesses and consumers utilising open source libraries and platforms on a daily basis. As the adoption of open source has increased there are many legal aspects to consider including licensing, compliance and more. This special episode of Snyk Live we are joined by Snyk Head of APJ Legal, Yos Pang. Yos is an international, commercial technology lawyer, with a strong background in intellectual property and a particular interest in open source and open content issues.

View Video