A Developer’s Tutorial to Using NPM Audit for Dependency Scanning

Many developers overlook the risks lurking in third-party packages. Every package you add could harbor vulnerabilities, potentially exposing sensitive user data and granting unauthorized access to ...
A Guide to Open Source Software

Learn more about how organizations can use open source software to innovate while minimizing risk ...

NVD Update: Help Has Arrived

There's hope yet for the world's most beleaguered vulnerability database ...
Enhance security with Sonatype Lifecycle and ServiceNow Application Vulnerability Response (AVR) integration

We are excited to announce an innovative partnership that integrates Sonatype's open source software (OSS) security intelligence directly into ServiceNow workstreams. For this partnership, we've launched a new Sonatype and ServiceNow integration ...

Open Source Security: How Strobes Integrates Security into Your Dev Workflow

Cloud-native development thrives on open-source software (OSS). It offers readily available, pre-built components that accelerate development lifecycles. However, this very advantage presents a significant challenge for DevSecOps: OSS security vulnerabilities. ...

XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation

The OpenJS Foundation, which oversees multiple JavaScript projects, thwarted a takeover attempt of at least one project that has echoes of the dangerous backdoor found in versions of the XZ Utils data ...
Security Boulevard

6 Essentials for a Near Perfect Cyber Threat Intelligence Framework

Software developers face a constant barrage of cyber threats that can compromise their applications, data, and the security of their organizations. In 2023, the cyber threat ...
Introducing our 9th annual State of the Software Supply Chain report

In our fast-paced digital world, striving for excellence is an ongoing journey marked by the relentless pursuit of innovation, efficiency, and a focus on the essential contributors: the developers. Our 9th annual ...

5 Types of Software Supply Chain Attacks Developers Should Know

What do ambulances in the UK, the Norwegian government, and a major Russian bank have in common? They were all victims of successful supply chain attacks ...
