WhiteSource has renamed itself Mend as the company pushes beyond software composition analysis to become a broad application security platform with automated remediation. The name WhiteSource didn't have any negative connotations when the company was founded, but some people today find it offensive.
Software is running the world – and it is everywhere. More and more elements of major businesses and industries are being run on software and delivered as online services. So much of the software on which the world depends is open source software.
Explore this white paper to understand dependency integrities...
Today, organizations must acknowledge the lists of well-known software risks provided by OWASP, SANS, and others, but an entirely new set of risks also emerge in Modern Application Development (MAD) initiatives.
This eBook expands on each of these risks. Check out this eBook to know in depth about:
When we think about Supply Chain attacks, we usually think of third-party suppliers. Their access to private information makes third-party suppliers a prime target for cyberattacks.
However, in this past year, there is a surge in supply chain attacks that are targeting a
different supply chain—the open source...
In a world that has evolved on the physical and logical underpinnings of the internet, we’re completely dependent on software applications (apps) that run nearly every aspect of our lives.
Amid the obligations to revolutionize, modern application development (MAD) was spawned and has since grown beyond its...
Pathlock has merged with Appsian to form a 500-person vendor that secures users and data across SAP and Oracle's ERP apps. Bringing Pathlock, Appsian and Security Weaver together will allow the firm to take a larger bite out of the $110 billion market focused on compliance testing for business apps.
Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.
The U.S. Cybersecurity and Infrastructure Security Agency has announced that it is temporarily removing a Windows protection defect from its Known Exploited Vulnerability Catalog because of a risk of authentication failures after the recent Microsoft patch update.
Google will offer customers access to the same technology it uses to lock down developer workflows to ensure open-source dependencies are addressed. Assured Open Source Software will allow clients to ensure third-party software they're using is scanned, analyzed and fuzz-tested for vulnerabilities.
Many organizations struggle to understand how to approach application security program maturity. Caitlin Johanson and Dan Cornell of Coalfire share why AppSec maturity is important and offer strategies for how enterprises can evaluate their AppSec maturity levels and build a robust response.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses the issue of supply chain security and whether you should disclose information about your supply chain to companies as part of the effort to secure it. His conclusion: Build your defenses and trust no one.
According to a recent survey conducted by Noname Security, 41% of
organizations experienced an API security incident in the last 12 months and
63% of the incidents involved a data breach or data loss. Filip Verloy, technical
evangelist, EMEA at Noname Security, says that “tighter integration of API
Noname Security has released its new API Security Trends Report and - no surprise - API usage has grown exponentially. The bad news: So have API attacks by opportunistic adversaries. Karl Mattson of Noname discusses the report and some new ways of approaching API security.
An exploit has been created using critical remote code execution vulnerability CVE-2022-1388 in BIG-IP network traffic security management appliances. F5 BIG-IP admins are advised to immediately implement the patches for this vulnerability, which were released last week.
The U.S. National Institute of Standards and Technology has revised its guidance for organizations to counter supply chain risks. The new document addresses how to identify, assess and respond to cybersecurity risks throughout the supply chain at all levels of an organization.