Snyk launches Secure Developer Program to strengthen open-source security
Cybersecurity company Snyk Ltd. today announced the launch of its Secure Developer Program, a new initiative designed to ...
Application Security Is In A Rut; Time To Shake Things Up?
The conversation between security teams and developers needs to change, to determining which AppSec vulnerabilities truly ...
How fake security reports are swamping open-source projects, thanks to AI
Patch spam contains code that is downright wrong and nonfunctional. Even worse: It can introduce new vulnerabilities or ...
New Black Duck Report: 86% of Commercial Codebases Contain Vulnerable Open Source, Exposing Organizations to Security Risks
Black Duck® Software, Inc. ("Black Duck"), a leading provider of application security solutions, today released the tenth annual "Open Source Security and Risk Analysis" (OSSRA) report. The research ...
Snyk Launches Secure Developer Program, Deepening Investment in Open Source Ecosystem to Improve Global Cybersecurity Posture
The impact of fixing even a single open source vulnerability can have far-reaching benefits and dramatically influence global cybersecurity posture. This program signals Snyk’s deepening investment ...
SD Times10mon
OpenText releases new browser extension that verifies if open source libraries meet company security policies
Developers can search for open source libraries ... existing software composition analysis tools. “A major source of friction between developers, compliance teams and security teams is ...
CRN2y
The 10 Coolest Open-Source Software Tools Of 2022
Open-source software tools are increasing in popularity ... API sprawl can create operational, management and security problems. Gravitee provides API development, security, management ...
SD Times7y
Security vulnerabilities in JavaScript libraries are hard to avoid
These days it is almost impossible to develop in JavaScript without utilizing one of the thousands of open-source JavaScript ... JavaScript libraries can have security flaws that can make a ...
Code security startup Semgrep reels in $100M from investors
Startup Semgrep Inc. has raised $100 million in funding to grow the adoption of its code security platform, which helps ...
CRN1mon
Veracode Looks To Boost Security For Software Supply Chain With Acquisition Of Phylum
Veracode said that its acquisition of software supply chain security startup Phylum ... and blocking of malicious code found in open-source libraries, Veracode said. The integration of Phylum ...
Computing2y
New guidance on software supply chain attacks released
Linux Foundation's OpenSFF releases npm security guide while US agencies ... use of tens or even hundreds of third-party open source software libraries hosted on npm, building on the work of ...
Hosted on MSN13d
The Code Registry and SCANOSS Announce Partnership to Drive Open-Source Transparency
The Code Registry, a leading provider of AI-powered code intelligence and insights, today announced a strategic partnership with SCANOSS, an industry leader in open source software (OSS ... licensing, ...