As software becomes increasingly integral to our professional and personal lives, the need to protect information and systems from malicious attacks grows proportionately. One of the critical threats that Python developers must grapple with is the risk of code injection, a sophisticated and often devastating form of cyberattack.

On November 23, 2023, Arcserve released Arcserve Unified Data Protection (UDP) 9.2 to address three vulnerabilities, including a critical-severity remote code execution (RCE) vulnerability. Subsequently on November 27, 2023, Tenable published public Proof of Concepts (PoCs) for these vulnerabilities, as they were the ones who initially disclosed these vulnerabilities to Arcserve back in August 2023.

Securing C/C++ applications has been a massive challenge historically. Until today, many organizations using C/C++ have had to rely on a niche, single-language tool that, while decent at finding vulnerabilities, requires code to be compiled before scanning, slows down developers with clunky integrations, and provides vulnerability alerts that do not help developers to remediate the issue.

User credentials are the information required to authenticate a user's identity and grant them access to a system or application. Typically, this includes a username or email address and a password. While a username can be stored as plaintext in a database, sensitive information like email addresses or passwords should not. If a malicious actor gains access to your database where you store this information, you don't want to hand over this information to them easily.

Forescout Vedere Labs has identified a total of 21 new vulnerabilities affecting Sierra Wireless AirLink cellular routers and some of its open source components such as TinyXML and OpenNDS, which are used in a variety of other products.

The SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has conducted further research into the indicators of compromise (IoCs) that SysAid shared when disclosing a new vulnerability in its on-premise software last month.

Effective security programs promote collaboration between developers and security teams. Many organizations aim for a seamless developer experience that allows security teams to build guardrails directly into dev workflows, breaking down silos, and promoting collaboration between these departments.

Snyk, the leader in developer security, is excited to share that we’ve been named Customers’ Choice in the 2023 Gartner Peer Insights Voice of the Customer for Application Security Testing for a second consecutive year. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding user interest, adoption, and overall experience.

Stepping in 2024, the dynamics of open source vulnerability management are shifting. Rapid changes to software development demand a more nuanced approach to open source security from practitioners. From redefining risk to the cautious integration of auto-remediation, here are the pivotal recommendations for successful open source vulnerability management in 2024 and beyond.