Open Source

Choosing Open Source Libraries

Apr 27, 2022 By Snyk In Snyk

In this quick video, Brian Clark talks through best practices when choosing open source libraries and shows how to accelerate your OSS evaluations. Chapters: Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Choosing Open Source Libraries

Generating fake security data with Python and faker-security

Apr 25, 2022 By Michael Aquilina In Snyk

Snyk recently open sourced our faker-security Python package to help anyone working with security data. In this blog post, we’ll briefly go over what this Python package is and how to use it. But first, we’ll get some context for how the factory_boy Python package can be used in combination with faker-security to improve your test-writing experience during development. Note: Some knowledge of Python is helpful for getting the most out of this post.

Read Post

Snyk

Read more about Generating fake security data with Python and faker-security

Software Supply Chain Security: The Basics and Four Critical Best Practices

Apr 21, 2022 By Adam Murray In Mend

Enterprise software projects increasingly depend on third-party and open source components. These components are created and maintained by individuals who are not employed by the organization developing the primary software, and who do not necessarily use the same security policies as the organization. This poses a security risk, because differences or inconsistencies between these policies can create overlooked areas of vulnerability that attackers seek to exploit.

Read Post

Mend

Read more about Software Supply Chain Security: The Basics and Four Critical Best Practices

CyRC Vulnerability Analysis: CVE-2022-1271 in gzip, but it's not as bad as it sounds

Apr 19, 2022 By Jonathan Knudsen In Synopsys

CVE-2022-1271 is a new vulnerability affecting gzip, a widely used open source component for archiving, compressing, and decompressing files. CVE-2022-1271, also tracked in the Black Duck KnowledgeBase™ as BDSA-2022-0958, is a bug in gzip, a file format and software application used for archiving, compressing, and decompressing files.

Read Post

Synopsys

Read more about CyRC Vulnerability Analysis: CVE-2022-1271 in gzip, but it's not as bad as it sounds

CVE-2022-1271 - Improper Input Validation in Gzip | Synopsys

Apr 19, 2022 By Synopsys In Synopsys

Synopsys's Blackduck Open Source KnowledgeBase has identified a new vulnerability, CVE-2022-1271. Watch the video to understand whether your application uses gzip command and the remediation efforts.

View Video

Synopsys

Read more about CVE-2022-1271 - Improper Input Validation in Gzip | Synopsys

Microsoft releases open-source tool for securing MikroTik routers

Apr 18, 2022 By Theodoros Karasavvas In AT&T Cybersecurity

This blog was written by an independent guest blogger. In mid-March, Microsoft released a free, open-source tool that can be used to secure MikroTik routers. The tool, RouterOS Scanner, has its source code available on GitHub. It is designed to analyze routers for Indicators of Compromise (IoCs) associated with Trickbot. This article will introduce some background on the MikroTik vulnerability, the Trickbot malware, and some ways you can protect yourself.

Read Post

AT&T Cybersecurity

Read more about Microsoft releases open-source tool for securing MikroTik routers

Software Composition Analysis of Git repositories

Apr 14, 2022 By Andreas Sommarström In Bytesafe

Open source software adoption reaches higher levels every year. Recent figures show that over 70% of code used in codebases is open source. With a constant stream of new components comes increased requirements to manage the inherent risks associated with open source. Requirements that quickly turn into a necessity as supply chain attacks increased by 400% in 2021. The practice to identify and track open source components usually falls under the umbrella of Software Composition Analysis (SCA).

Read Post

Bytesafe

Read more about Software Composition Analysis of Git repositories

The 2022 Open Source Security and Risk Analysis (OSSRA) Report | Synopsys

Apr 12, 2022 By Synopsys In Synopsys

Marking the 7th edition this year of the 2022 OSSRA, herein, Synopsys analyzes vulnerabilities and license conflicts found in more than 2,400 codebases across 17 industries.

View Video

Synopsys

Read more about The 2022 Open Source Security and Risk Analysis (OSSRA) Report | Synopsys

Microsoft Developers Trust WhiteSource for Fast, Secure Open Source Best Practices

Apr 5, 2022 By Mend In Mend

WhiteSource provides a simple yet powerful solution for companies to manage the open source components in their application. WhiteSource is designed for security and software development teams, to give managers the control and visibility over the vulnerabilities in their app and developers to tools to quickly fix what matters. WhiteSourceSoftware.com

View Video

Mend

Read more about Microsoft Developers Trust WhiteSource for Fast, Secure Open Source Best Practices

Snyk Open Source adds C/C++ security scanning for unmanaged dependencies

Apr 5, 2022 By Michal Brutvan In Snyk

We’re happy to announce the general availability of C/C++ security scanning in Snyk Open Source, enabling development and security teams to find and fix known security vulnerabilities in their C/C++ open source library dependencies. 2:21

Read Post