Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As open source software development continues to evolve, so does its susceptibility to cybersecurity threats. One such instance is the recent discovery of malware repositories on GitHub. In this cybersecurity attack, threat actors managed to upload malicious code onto GitHub, a platform that hosts millions of code repositories and is used by developers worldwide.

Following the boat-rocking acquisition acquisition of VMware by Broadcom at the end of 2023, uncertainty and skepticism has been looming among VMware customers as the changes were fast and drastic, impacting everyone in one way or another. While VMware still remains the virtualization leader and isn’t going anywhere (especially for large customers), a number of smaller organizations have been poking around to find whether realistic alternatives exist.

Open source security is a term used to describe the process of protecting your organization’s data and network from attack by using open-source software. It refers to the use of open-source software (OSS) for data protection. Open source software is free to use, meaning that anyone can access it without paying fees. This allows organizations to take advantage of the collective knowledge and experience of thousands of people who have contributed code or worked on projects together.

Picture this: A user on your network casually explores the internet and scrolls through a website’s comment section. However, a lurking threat known as cross-site scripting (XSS) is poised to exploit vulnerabilities and steal their session cookies, which includes sensitive data such as their logon credentials. But how does this nefarious scheme unfold, and what other open-source vulnerabilities could be exploited in the process?

After serving as its steward for over a decade, Trustwave has agreed to transfer the reins of the renowned open-source web application firewall (WAF) engine, ModSecurity, to the Open Worldwide Application Security Project (OWASP). This landmark move promises to inject fresh energy and perspectives into the project, ensuring its continued evolution as a vital line of defense for countless websites worldwide.

One of the top security concerns we hear from technology leaders is about the security of open source software (OSS) and cloud software development. An open source vulnerability scanner (for scanning OSS) helps you discover risk in the third-party code you use. However, just because a solution scans open source does not mean you are ultimately reducing security risk with it.

Open source software has become an integral part of modern application development, enabling developers to accelerate their projects by leveraging pre-existing libraries and frameworks. Open source offers numerous benefits, yet it's not without its challenges. A significant hurdle is ensuring that dependencies remain up-to-date. In our latest blog post, we delve into the complexities associated with updating open source components.

Guest post originally published on Kubescape’s blog by Oshrat Nir, Developer Advocate at ARMO and a Kubescape contributer.

In code security, not everything is "shift left." Dynamic testing is as important to help developers build and ship secure applications on the right-hand side of the SDLC. Let's explore the benefits, pitfalls, and popular open-source DAST tools in this blog post from the Escape team.