Open Source

Top Open Source Licenses Explained

With an understanding of what open source licenses are and their benefits, it’s also useful to know the main categories of these licenses, the different types, and their requirements. It’s quite an array, which can be overwhelming, but with this knowledge you can make more informed choices about which software and which licenses are right for your purposes.

6 Reasons You Need to Run SCA Scans on Projects in VS Code

We love open-source software (OSS). Not only does it save time and effort, but it’s also incredibly rewarding to collaborate with other developers on major projects. Plus, it opens the door for innovation that otherwise wouldn’t be possible at this scale. However, with code comes responsibility, and so it’s imperative to understand the risk OSS libraries carry when we’re integrating them into projects.

CNCF accepts Kubescape as its first security and compliance scanner project

Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.

8 Best Secure Photo Apps in 2023

It would be maddening if someone looked over your private files on your phone. Imagine someone scrolls through your phone gallery without your permission and steals your secret files. How irritating that would be! Moreover, you never know what will happen if your photos get exposed. Someone could spread your private pictures on social media and use them for evil intentions that can lead to serious embarrassment or, in the worst scenario, severe crimes.

OSPO security evolution: The Kübler-Ross Model of open source

What’s in an OSPO? Open Source Program Offices are popping up all over, in recognition of the facts on the ground: open source software (and I would argue open standards as well) plays an enormous role in building and maintaining the software that increasingly drives the planet.

Why Open Source License Management Matters

The ongoing rise in open source vulnerabilities and software supply chain attacks poses a growing threat to businesses, which heavily rely on applications for success. Between 70 and 90 percent of organizations’ code base is open source, while vulnerabilities such as Log4j have significantly exposed organizations to cyberattacks.

Effective Unit Testing for Java Applications: Common Challenges and Solutions | Code Intelligence

In this video, I discuss the challenges of managing dependencies and libraries in Java software development projects and the importance of running unit tests. However, I also dig deeper into the limitations of unit tests and the importance of supplementing them with other forms of testing. In the second part of the video, I introduce fuzz testing as a complementary approach to unit testing and give an example of how I was able to replicate a Remote Code Execution CVE in HyperSQL within just a few minutes, using an open-source fuzz testing tool called CI Fuzz CLI.