Open Source

Priorities from the OpenSSF Secure Open Source Software Summit 2023

Oct 4, 2023 By Dan Appelquist In Snyk

Snyk has been a long-time active participant in and sponsor of the Open Source Security Foundation (OpenSSF). We’re there because we believe in supporting its mission of securing the open source ecosystem. A recent summit meeting convened by the OpenSSF with the White House brought together various US Government departments for a chat about open source security.

Read Post

Snyk

Read more about Priorities from the OpenSSF Secure Open Source Software Summit 2023

From diligence to integration: How software audits inform post-close M&A strategies

Sep 22, 2023 By Synopsys Editorial Team In Synopsys

Software due diligence is an all-important aspect of any merger and acquisition (M&A) transaction, and in the tech M&A world, a target’s software assets are a significant part of the valuation. This due diligence process should identify a target company’s open source license obligations, application security and code quality risks, and the organization, processes, and practices that compose the software development life cycle.

Read Post

Synopsys

Read more about From diligence to integration: How software audits inform post-close M&A strategies

Securing the Software Supply Chain: Key Findings From the Mend Open Source Risk Report

Sep 20, 2023 By Mend In Mend

Open source vulnerabilities are in permanent growth mode. A significant quarterly increase in the number of malicious packages published in registries such as npm and rubygems have shown the increasing need to protect against this trending attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It’s all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

View Video

Mend

Read more about Securing the Software Supply Chain: Key Findings From the Mend Open Source Risk Report

Navigating the Open Source Landscape: Finding Your First Contribution

Sep 15, 2023 By Nathan Tarbert In BoxyHQ

🕵️‍♂️ Embarking on your journey and learning how to contribute to open source is an exciting step towards honing your programming skills, collaborating with experts, and giving back to the global developer community. However, the challenge often lies in finding the right project to kickstart your open-source journey.

Read Post

BoxyHQ

Read more about Navigating the Open Source Landscape: Finding Your First Contribution

Is Open Source Software Dead?

Sep 14, 2023 By John Walsh In CyberArk

Open source software (OSS) has driven technological growth for decades due to its collaborative nature and ability to share information rapidly. However, major OSS security vulnerabilities like Log4j, Heartbleed, Shellshock and others have raised concerns about the security and sustainability of similar projects. At the same time, major open source-based companies have changed their OSS licenses, like MongoDB, Elastic (formerly ElasticSearch), Confluent, Redis Labs and most recently, HashiCorp.

Read Post

CyberArk

Read more about Is Open Source Software Dead?

To OSINT and Beyond!

Sep 13, 2023 By Medz Barao In Trustwave

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.

Read Post

Trustwave

Read more about To OSINT and Beyond!

Black Duck audits reporting update: Streamlined view of risks and remediation steps

Sep 7, 2023 By Emmanuel Tournier In Synopsys

New Synopsys Black Duck® engagement summary report summarizes a breadth of insights across all domains of software due diligence.

Read Post

Synopsys

Read more about Black Duck audits reporting update: Streamlined view of risks and remediation steps

Open Source CyberSecurity Tools for Hardening

Sep 3, 2023 By John Gates In CalCom

Open-source cybersecurity tools offer a prime solution for independent security experts, emerging businesses, and even medium to large enterprises aiming to tailor their security framework. These tools serve as a foundational platform for fostering security advancements, integrating proprietary software code and security automation scripts.

Read Post

CalCom

Read more about Open Source CyberSecurity Tools for Hardening

Tips and Tools for Open Source Compliance

Aug 31, 2023 By AJ Starita In Mend

You don’t need us to tell you that open source software is becoming a very significant percentage of commercial software codebases. Open source components are free, stable, and enable you to focus your resources on the innovative and differentiated aspects of your work. But as the use of open source components increases, compliance with open source licenses has become a complex project of growing importance. So how can you stay on top of compliance and what tools are out there to help?

Read Post

Mend

Read more about Tips and Tools for Open Source Compliance

We're open-sourcing the library that powers 1Password's ability to log in with a passkey

Aug 28, 2023 By René Léveillé In 1Password

You may have heard that 1Password beta testers can sign into websites using passkeys stored in their vaults. We’re actively developing the internal library powering passkey authentication, and now we’re open-sourcing it!

Read Post