Read about application security, DevSecOps, open source license compliance and audit
What you should know about an improper implementation of the pkexec tool in polkit, an out-of-bounds memory access that can be leveraged by a local attacker to escalate their privileges to the system root. Discover how the exploit works and how WhiteSource thwarts it.
An overview of open source licensing trends in 2021 and predictions for what we can expect in open source in 2022
There is a misconception that DevSecOps slows things down and that Agile results in bad software. Here is how they can co-exist with one another.
Following the threats posed by the Log4j vulnerability, Learn how to follow CISA’s advice and produce and audit a software bill of materials (SBOM). Understand the benefits of SBOMs to the supply chain. Discover best practices for generating SBOMs.
WhiteSource Chief Scientist's top tips to thwart the risks from Log4j and reinforce your cybersecurity
What you need to know about the Log4j vulnerability CVE-2021-44832, and how to remediate it.
Automated Log4j Remediation Rules Now Available for WhiteSource Renovate and Remediate.
The Log4Shell vulnerability can also impact ruby and other non-java applications. Here’s what you need to know.
What you need to know about Log4j Vulnerability CVE-2021-45105, and how to remediate it.
What you need to know about Log4j Vulnerability CVE-2021-45046, and how to remediate it.
How to remediate the newly published critical vulnerability in Apache’s widely popular Log4j Java library, CVE-2021-44228.
Why vulnerability management metrics are important, and how to choose the right metrics to keep your organization’s applications and assets secure.