DevSecOps in an Agile Environment
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
Choose Your Type
Choose Your Topic
Our Latest Content
Log4J: Tales from The Trenches: The State of Log4J Remediation
he announcement of Log4j vulnerability sent security and development teams into a tailspin — not once, but multiple times. Throughout it all, WhiteSource has been providing tools for discovery and automated remediation, and working closely with our customers. Join our experts to learn what has been going on, such as: What percentage of organizations were...
CISA Says: Generate and Audit a Software Bill of Materials (SBOM) to prepare for the next Log4j
Following the threats posed by the Log4j vulnerability, Learn how to follow CISA’s advice and produce and audit a software bill of materials (SBOM). Understand the benefits of SBOMs to the supply chain. Discover best practices for generating SBOMs.
Best Practices for Dealing With Log4j
WhiteSource Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity
Gartner® Report – What to Do About Log4j?
Cybersecurity experts say that the Log4j vulnerability is perhaps the most severe flaw of its type in decades. If not addressed, it could detrimentally affect millions of pieces of software in some of the world’s largest organizations, and hundreds of millions of devices globally. What can security and application developers do to identify and mitigate...
CVE-2021-44832: A New Medium Severity Vulnerability Was Found in Log4j
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.
Fixing the Log4j Vulnerability with WhiteSource
Automated Log4j Remediation Rules Now Available for WhiteSource Renovate and Remediate.
Log4Shell or LogThemAll: Log4Shell in Ruby Applications
The Log4Shell vulnerability can also impact ruby and other non-java applications. Here’s what you need to know.
How to Build a Threat Model for Kubernetes Systems
As Kubernetes adoption grows, its attack surface expands with it, allowing bad actors to find and exploit vulnerabilities in the cloud-native stack. In addition, the complexity of Kubernetes and the lack of proper security controls make the attacks targeting Kubernetes clusters and containers hosted in them a real risk for organizations. With the threat landscape...
Facing the Log4j Vulnerability Head On The Risk and the Fix
When the zero-day vulnerability in Log4j was reported, most organizations immediately sprung into action. But anyone who’s dealt with a vulnerability this critical and ubiquitous in an enterprise organization knows it’s not an easy task. Even with the right tools and policies, mitigating this type of threat is always a challenge. In this webinar, our...
Log4j Vulnerability CVE-2021-45105: What You Need to Know
What you need to know about Log4j Vulnerability CVE-2021-45105, and how to remediate it.
Log4j Vulnerability CVE-2021-45046 Now a Critical 9.0
What you need to know about Log4j Vulnerability CVE-2021-45046, and how to remediate it.