What Is CVSS v3.1? Understanding The New CVSS
Explore the changes in CVSS v3.1 vs. CVSS v3.0 and why they matter. Learn how to use CVSS v3.1.
Learn all about white box testing: how it’s done, its techniques, types, and tools, its advantages and disadvantages, and more.
BSD licenses are a family of permissive free software licenses. Because they are permissive, their conditions are very relaxed, but does that mean there are no limitations at all?
Top tips for getting started with Mend Composition Analysis to ensure your implementation is successful.
Learn all about the history of open source copyleft licenses, what they mean, and when to use them.
How prioritization can help development and security teams minimize security debt and fix the most important security issues first.
As the microservices development environment becomes more and more popular in cloud-based companies, the CI/CD volume is getting bigger and bigger and is changing the way organizations such as LivePerson can integrate DevSecOps tools into their CI/CD processes. Join Nir Koren, DevOps CI/CD Team Lead at LivePerson, as he discusses: -Why it is crucial to...
We have compiled a list of your top 10 questions about the Common Development and Distribution License.
All about Eclipse SW360, an application that helps manage the software bill of materials, and its main features.
Why you shouldn't track open source components usage manually and what is the correct way to do it.
What are the different types of black box testing, how does it differ from white box testing, and how can black box testing help you boost security?
Application security should be a critical part of the DevOps process, as these days even the smallest vulnerability can wreak major havoc should it lead to failures or data breaches. As a result, application security and vulnerability scanning tools abound for every step of the software development life cycle, which means more tools to...
Software Composition Analysis software helps manage your open source components. Here are 7 questions you should ask before buying an SCA solution.
There are a lot of myths in application security. By partnering with developers, Target has busted several common security myths and proved that an effective security program can take a different approach. This session will describe how to successfully apply a “credit score” to security measurement practices, build an exclusive security champions program, and stop...
The top code review tools that will help you detect and remediate code defects and errors before production, when they are easy & less expensive to address.
NVD is the main source of open source vulnerability data, but to cover yourself you need to know all of the main vulnerability databases.
How to make sure you have a solid patch management policy in place, check all of the boxes in the process, and use the right tools.
We’ve compiled a list of top 10 questions & answers about the Microsoft Public License.
Security specialists, especially at large organizations, believe that better security comes from robust independent gating. On the other hand, DevOps has proven that you can safely deploy orders of magnitude faster than human gating can achieve. What’s needed to add security to DevOps are tools that work well with rapid-cycle CI/CD pipelines and an approach...
The application security testing market is split into security scanning tools and runtime protection tools. In this article we define & compare all options.
The well-known open core licensing model had many challenges, which led several companies to try to find a better licensing model. Join Matt Asay, Head of Open Source Strategy and Marketing at AWS, as he discusses innovative companies like Cloudera, Redis Labs, MongoDB and RackN, and their solutions to problems like competing with cloud providers...
Much has been written about the three pillars of DevOps—culture, technology and process—but less discussed is the “human” element of DevOps—what it takes from a people perspective to take care of those “doing DevOps” to promote success and prevent issues such as burnout or job dissatisfaction. This panel webinar looks at ways in which organizations...
While open source licenses are free, they still come with a set of terms & conditions that users must abide by. Read why license compatibility is a major concern.
An open source vulnerability scanner is a tool that helps organizations identify and fix any risks associated with open source software usage. Learn all about it.
It’s a fact: software development teams are constantly bombarded with an increasingly high number of security alerts. Since fixing all vulnerabilities is unrealistic, it’s imperative that teams find a method to zero in on the security vulnerabilities that matter. The key: prioritization. But, there’s a big question: Which is the best way to prioritize? There...
Enterprises and developers already know the importance of managing vulnerabilities and dependencies, so why do so many still fall behind? Like maintaining good physical health, software projects require more than just good intentions: there needs to be a sensible and achievable process that developers want to follow, and the rewards must outweigh the demands. In...
What is the GPL SaaS loophole? Did the AGPL solve it? How can SaaS companies ensure that they are complying with their open source licenses?
What is an open source attribution report? Who needs it and why? And most importantly: what's the easiest way to produce one?
Answers to frequently asked questions about the Eclipse Public License, an open source license developed by the Eclipse Foundation.
Vulnerability remediation requires three important steps: knowing what you have, prioritizing, and fixing. That goes for both proprietary and third-party code.
Interactive application security testing (IAST) works from within an application to detect and report issues while an application is running.
What is the balance between getting open source usage under control and managed in an automated, continuous and consistent manner, and leaving developers the freedom to do their jobs productively?
Read our July open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
Are security policies and practices around IoT connectivity keeping up with the pace of technological innovations?
DevSecOps is usually approached as a matter of tooling or speed for the organization. This talk, however, will take you through a different approach. With a holistic view of the organization, the security phoenix methodology takes into account a large organization with assessment, a maturity matrix, a scoring system and measurement options. We will walk through the problem of...
An open source audit by a certified auditor identifies your open source inventory and gives you an analysis of license compliance and security vulnerabilities.