Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?

The NVD defines one of the usages of CVSS as “a factor in prioritization of vulnerability remediation” and it is the current de facto vulnerability metric, often seen as infallible guidance and a crucial element in many compliance processes. In our session we will go over real-world CVE examples, demonstrating cases and entire categories where CVSSv3.1 falls short of providing an accurate assessment, both due to its design and its various mishandlings. The session will also touch upon specific indicators in the CVE description that can raise the confidence in a CVSS score, and vice versa.

Untangle the Secrets of your JavaScript Dependencies

In an ecosystem with an increasing number of dependencies, maintainers and supply chain attacks, discover an open source tool designed to analyze in depth the dependencies of a given remote package or local manifest. Not knowing what’s in the node_modules directory is a bad dream from the past. Dive in with me to find out the secrets that your dependencies hide from you.

Collaborating on Access Control Policies with Open Policy Agent

Zendesk Engineering consists of many teams that own a large number of different domains, ranging from engineering teams that built internal services to teams that work on our various product offerings. One concern that these teams have in common is controlling access to their APIs via fine-grained policies. Some APIs are only available to admins, others to users with a specific set of permissions and some APIs restrict access based on attributes of the data being accessed.

Securing Your Snowflake Database with Teleport Database Access

Picture this: unfortunately you had to let one of your engineers go. No matter how many times you tried to tell them, after countless interventions and meetings with the engineering lead, they simply wouldn’t stop using tabs instead of spaces. An absolutely unforgivable offense. A few weeks later, suddenly your production Snowflake database is wiped out. You log on to assess the damages and you check the SNOWFLAKE.ACCOUNT_USAGE.QUERY_HISTORY for every user in the system.

Mend API Helps Make SBOMs Simple

The proliferation of third-party software components such as open source software (OSS) has triggered a growing need to keep track of it all. Why? Because when security vulnerabilities inevitably crop up in open source components, it’s pretty important to know whether your company uses that piece of code – or whether it appears in the myriad software dependencies inherent in open source.

Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.