Open Source

Uncovering the Dirty Secret of Open-Source Code and Its Risks for Organizations

May 8, 2024 By Craig Searle In Trustwave

Using open-source code exposes organizations to a tremendous amount of risk, yet this point is treated like a dirty little secret that nobody talks about. So, let’s live on the edge and take a minute to talk about the problem. Open-source code is an oddity. Generally, open-source code is often placed in small packets tucked inside massive programs that corporations use to run their most important processes or it is adopted as a whole program and tasked with running some part of a business.

Read Post

Trustwave

Read more about Uncovering the Dirty Secret of Open-Source Code and Its Risks for Organizations

Cloud Unfiltered with Hakim Hacid - Open Source AI with Falcon - Episode 11

May 3, 2024 By Panoptica In Panoptica

Hakim Hacid discusses open-source AI with Falcon LLM. He chats about the complexities and the competitive landscape of creating LLMs.

View Video

Panoptica

Read more about Cloud Unfiltered with Hakim Hacid - Open Source AI with Falcon - Episode 11

CVE-2024-3094 - Critical Backdoor Vulnerability In XZ Utils Open-Source Library

May 2, 2024 By Nivedita James Palatty In Astra

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.

Read Post

Astra

Read more about CVE-2024-3094 - Critical Backdoor Vulnerability In XZ Utils Open-Source Library

How to use Snyk SBOM and Review Project Open Source Dependencies

Apr 27, 2024 By Snyk In Snyk

Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about How to use Snyk SBOM and Review Project Open Source Dependencies

Open-Source Software Security

Apr 26, 2024 By Guest Expert In GitGuardian

Open-source software security is crucial in today's cloud-native world. Learn about vulnerabilities, dependencies, and tools to improve security in this in-depth blog post.

Read Post

GitGuardian

Read more about Open-Source Software Security

5 Best Open Source Application Security Security Tools in 2024

Apr 25, 2024 By David Melamed In Jit

As cybersecurity becomes increasingly important in software development, the “shift left” security approach is widely recognized as a best practice for ensuring superior application security. Numerous traditional security firms are introducing shift-left products and capabilities, and the concept is gaining traction. However, some open source application security tools are more developer-friendly than others.

Read Post

Jit

Read more about 5 Best Open Source Application Security Security Tools in 2024

Why You Should Use Open Source Vulnerability Scanners

Apr 24, 2024 By Snyk In Snyk

Watch the full video for more... ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about Why You Should Use Open Source Vulnerability Scanners

Why you NEED an Open Source Vulnerability Scanner

Apr 22, 2024 By Snyk In Snyk

Here are 7 reasons why you need an open source vulnerability scanner. ✍️ Resources ✍️ ⏲️ Chapters ⏲️ ⚒️ About Snyk ⚒️ Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about Why you NEED an Open Source Vulnerability Scanner

Building a software Bill of Materials with Black Duck

Apr 20, 2024 By Mike McGuire In Synopsys

A necessary step in securing an application is evaluating the supply chain of each component used to create the application—no matter how many hands were involved in its development. If any links in the supply chain are obscured, it can be difficult to confidently assess the amount of risk that an application is susceptible to.

Read Post

Synopsys

Read more about Building a software Bill of Materials with Black Duck

Wake Up Call: XZ Utils Breach Demands Open Source Security Reform

Apr 18, 2024 By Michael Aguilera In Razorthorn

In late March 2024, the cybersecurity community was shaken by the revelation of a critical vulnerability in XZ Utils, a popular open source compression tool integral to many Linux systems. The discovery was made by Andres Freund, a developer at Microsoft, who reported that versions 5.6.0 and 5.6.1 had a backdoor that could potentially allow unauthorised remote code execution.

Read Post