Since the onset of the pandemic, many workplaces were suddenly merged into home spaces. In my case, my bedroom became my office. In this new mode of working, what I missed the most is the office chatter and the water cooler conversations which often lead to some brilliant ideas for a new project or design solutions to a technical problem.

Supply chain attacks are one of the trickier challenges for organizations to defend against since they undermine our trust in otherwise trusted systems that we depend on for running our software and protecting our data. If an adversary is able to successfully compromise a key component of a popular supply chain product, the impact can be widely felt by many organizations.

A new trend for developers is emerging, as many companies shift towards using serverless computing. The name is a bit misleading, as serverless computing still relies on servers for storing data, but those who use serverless computing leave the maintenance of the server to their provider. They pay only for the storage needed to execute the code they develop.

As this year comes to a close, it is a good time to take a look at the trends of open source license usage in 2020 and compare them to previous years. Our research team has collected information from the WhiteSource database, which includes more than 4 million open source packages and 130 million open source files covering over 200 programming languages, to learn which were the most popular open source licenses in 2020.

Apple loves bragging about how secure their devices are. Not without reason: there are lots of security features you probably use daily, including code autofill, password reuse auditing, Safari built-in privacy, and many more. Same for developers. For example, Apple doesn't release their source code to app developers for security reasons. And the owners of iOS devices can't modify the code on their phones themselves.

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities in the packages you depend on. The major question is: where do I start?

A recent privilege escalation heap overflow vulnerability (CVSS 7.8), CVE-2021-3156, has been found in sudo. sudo is a powerful utility built in almost all Unix-like based OSes. This includes Linux distributions, like Ubuntu 20 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2). This popular tool allows users to run commands with other user privileges.

Even before the pandemic, many companies were undergoing significant transformation as they transitioned to cloud or hybrid architectures and grappled with problems caused by tool sprawl due to the quick adoption of many disparate tools. For some, COVID-19 and the rush to remote work fueled and exacerbated these challenges.