
Open Source

Open Source Vulnerability Management Recommendations for 2024

Stepping into 2024, the dynamics of open source vulnerability management are shifting. Rapid changes in software development demand a more nuanced approach to open source security from practitioners. From redefining risk to the cautious integration of auto-remediation, here are the pivotal recommendations for successful open source vulnerability management in 2024 and beyond.

Teleport OSS will relicense to AGPLv3

We began working on Teleport with a vision to make trusted computing a reality for everyone, even for people without large budgets. That’s why we open sourced Teleport in 2015. Achieving this lofty goal takes a lot of work, which in turn requires capital. That is why we founded Teleport as a company and started to offer premium features required by enterprises. Thus, we must strike a delicate balance between benefiting the community and succeeding as a business.

Are the Fears about the EU Cyber Resilience Act Justified?

Discover the inner workings of the recently implemented Cyber Resilience Act (CRA) in the EU and explore why this framework has raised concerns about jeopardizing the open-source ecosystem. Join us in our latest blog post to delve into this important topic.

Top Open Source Licenses Explained

An open source license is a binding legal contract between author and user that declares the conditions under which a piece of software can be used, which is especially relevant in commercial applications. This license is what turns software components into open source components, allowing developers to use that software so long as they comply with the specific terms and conditions laid out in the license. There are a lot of open source licenses, over 200 in fact.

Grow Your Business with a 24/7 Security Operations Center (SOC) using Open Source Technologies.

Keeping IT services profitable can be challenging: equipment and software costs increase, margins suffer, and customers cancel. The solution resides in the economy of horizontal scale. Imagine what could happen if your existing customers contracted two times more services from your business. Would that help? Sell them something every business needs: cybersecurity. Launch your own Security Operations Center and close new profitable deals. Why UTMStack and not something else? The answer is simple: UTMStack is free, open source, and very intuitive, so you can hit the ground running in no time.

Top 5 Open Source Security Risks IT Leaders Must Know

Lurking in the open source software (OSS) that pervades applications around the world are open source security risks technology leaders must be aware of. Software is one of technology’s most vulnerable subsets with over 70% of applications containing security flaws. Here are the open source security risks IT leaders must be aware of to protect technology and help it scale safely.

Audited vs. automated: What your automated open source tool isn't seeing

Black Duck® introduced the concept of managing open source, and the licensing and security risks that come with it, back in 2002. The process and the products have matured over the last two decades. Open source management has now become nearly as commonplace as source code control, whether development shops are using tools such as Black Duck or simply maintaining a spreadsheet of what is in their code.

7 Ways to Strike Balance Between Technical Debt and Security Posture in The World of Open Source

Software development at the speed of business is a constant balance of tradeoffs, and managing the risk of open-source software is one of the most prominent emerging examples. This is driven home by high-profile supply chain attacks such as the ones on SolarWinds, Log4j, and MOVEit. Each of these examples represents a different type of abuse, including.

Beam OSS: Easily Make your Infra Private Using AWS SSM

Beam is an OSS project that simplifies secure access to private infrastructure within non-public VPC environments. It replaces the traditional bastion host approach with AWS Systems Manager (SSM) for access, ensuring better security and user-friendliness, especially in dynamic environments with changing resources and multi-tenancy requirements. Beam eliminates the complexities of configuring SSM access, making it an accessible solution for various applications and environments while maintaining security best practices. Today Beam is available for AWS (SSM) and will expand to Google's Identity-Aware Proxy (IAP).