Top 10 Eclipse Public License Questions Answered
Answers to frequently asked questions about the Eclipse Public License is an open source license developed by the Eclipse Foundation.
Choose Your Type
Choose Your Topic
Our Latest Content
3 Essential Steps for Vulnerability Remediation Process
Vulnerability remediation requires 3 important steps: knowing what you have, prioritizing and Fixing. And that goes both for proprietary and third party code.
All About IAST — Interactive Application Security Testing
Interactive application security testing (IAST) works from within an application to detect and report issues while an application is running.
Best Practices for Open Source Governance
What is the balance between getting open source usage under control and managed in an automated, continuous and consistent manner, and leaving developers the freedom to productively do their jobs.
July 2020 Open Source Security Vulnerabilities Snapshot
Read our July’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
IoT Application Security
Are security policies and practices around IoT connectivity keeping up with the pace of technological innovations?
The Security Phoenix: A Modern Approach to DevSecOps Focus on People
DevSecOps is usually a tool or fast speed approach to the organization. This talk, however, will take you through a different approach. With a holistic view of the organization, the security phoenix methodology takes into account a large organization with assessment, maturity matrix, scoring system and measurement options. We will walk through the problem of...
When’s the Right Time for an Open Source Audit?
An open source audit by a certified auditor identifies your open source inventory and gives you an analysis of licence compliance and security vulnerabilities.
When’s the Right Time for an Open Source Audit?
An open source audit by a certified auditor identifies your open source inventory and gives you an analysis of licence compliance and security vulnerabilities.
3 Key Considerations for DevOps Automation
If you’re considering increasing your company’s reliance on DevOps automation, here is a 3-step thought process to automate your mindset.
Software Development Life Cycle: Finding a Model That Works
This article identifies the phases of the SDLC (software development life cycle) and its main models: Waterfall and Agile.
Panel Discussion: Leading the Transformation
Digital transformation has been occurring in organizations of all sizes for the past few years, yet the process isn’t moving fast enough to move the needle in many companies. How can DevOps help increase the velocity and impact of digital transformation? This panel webinar discusses the relationship between DevOps and digital transformation and ways organizations...
Webinar: What All-Remote Taught Us About Appsec
The Covid-19 pandemic led to a lot of tech companies converting to remote teams almost overnight, and for some this may even become the norm. While conferencing such as Zoom are widely known for substituting for face-to-face meetings, it’s much less appreciated how the disruption has increased asynchronous communication approaches as people are not always...
Secure Coding: A Practical Guide
Poor coding is one of the main reasons for data breaches. Secure coding practices must be used to maintain a secure application.
Advance From Open Source Code Scanner to Software Composition Analysis Solution
In recent years a shift is seen in the market whereby most open source code scanners have either changed their approach or lost their entire customer base.
June 2020 Open Source Security Vulnerabilities Snapshot
Read our June’s open source vulnerabilities snapshot, your monthly overview of everything new in the fast-paced world of open source security vulnerabilities.
The $100 Million Court Case for Open Source License Compliance
CoKinetic Systems Corporation, one of the major global players in the in-flight entertainment (IFE) market, has recently filed suit against Panasonic Avionics Corporation in a New York federal...
Webinar: Pushing AppSec Left, Like a Boss
With incident response and penetration testing currently receiving most of our application security dollars, it would appear that industry has decided to treat the symptom instead of the disease. “Pushing left” refers to starting security earlier in the SDLC; addressing the problem throughout the process. From scanning your code with a vulnerability scanner to red...
From Dev to DevSec: How to transform developers into security rockstars
Waterfall, Agile, DevOps… it seems that every few years, a new methodology is born for optimum software creation. While these processes all have their strengths and weaknesses, the streamlining and red tape they often bring can feel like a hindrance to a developer’s main goal of building great software. So how do we shift secure thinking...
Forrester’s State of Application Security, 2020: Key Takeaways
In its 2020 AppSec report, Forrester predicts application vulnerabilities will continue to be the most common external attack method. Read the key takeaways.
How Does GDPR Impact Open Source Security Expectations?
Learn how to be better prepared for GDPR by adopting the right tools and getting on the right side of regulation easier, while building great software and serving customers.
DevSecOps vs. SecDevOps: A Rose by Any Other Name?
The terms DevSecOps and SecDevOps are often used interchangeably. Is there any real difference between them? Let’s explore whether there’s a difference.
How to Implement Security at the Speed of DevOps
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security? It’s a fact – many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case. Tune in to hear Jeff Martin, Senior Director of Product...
May Open Source Security Vulnerabilities Snapshot
Learn about April's new open source security vulnerabilities, their severity, top CWEs, vulnerabilities per programming language, new XSS in jQuery XSS, and more.
Top Tools and Tips to Improve Your DevOps Pipeline
Are you ready to build your DevOps pipeline? Time to tool up with these top 7 CI/CD technologies that will help you get your feet wet.
Observability: What You Need to Know
Learn why observability is important to DevOps organizations with distributed systems, how observability is different from monitoring, and how to approach the three pillars of observability.
State of the Market CI/CD/ARA
The continuous integration/continuous delivery market has gone through many changes since DevOps came on the scene, but it remains the backbone of the DevOps toolchain. Application release automation has also joined the ranks of must-have DevOps technologies. So where does the market stand currently and what can we expect to see in the next generation...
Open Source Analysis Extends Your Visibility
Open source analysis gives you visibility into your open source code and allows you to manage your open source components.
Harnessing Development to Scale AppSec
GitLab helps you to scale security across your Continuous Integration (CI) process enabling developers to test their code with every code change, right in their existing workflow. By seamlessly integrating WhiteSource’s security application testing solution in GitLab CI, we further reduce context switching and increase developer productivity. This enables developers and InfoSec professionals to work...
April Open Source Security Vulnerabilities Snapshot
Check in to learn about the new open source security vulnerabilities published in March, their severity, top CWEs, vulnerabilities per programming language, new critical FastXML jackson-databind seria
The State of Open Source Security Vulnerabilities in 2020
WhiteSource’s Annual Report on The State of Open Source Security Vulnerabilities in 2020 found that a record-breaking number of new open source security vulnerabilities in was published in 2019. In our research, we focused on open source security’s weakest and strongest points in the hopes of bringing some clarity to the fast-paced and complex space...
Kubernetes Pod Security Policy Best Practices
Using Kubernetes pod security policies to maximum effect takes some effort. this article explains how to get the most out of Kubernetes pod security policies.
Top Zoom Backgrounds We Love For April 1st
Our humble tribute to April Fools’ Day is this collection of our favorite Zoom backgrounds from our very own Mend crew.
The State of Open Source Security
Open source security, once viewed as an oxymoron, has come into its own as a way for organizations to secure their environments without breaking their bank. As a result, a plethora of open source security technologies have flooded the market, creating more opportunity as well as challenges and a healthy dose of confusion. The webinar...
How to Balance Between Security and Agile Development the Right Way
What can be done to better balance between security and agile development? What steps can be taken to ensure agile development processes are done in a secure manner?
5 Ways to Speed Up Your Software Development Process
We all constantly face the challenge of reducing time-to-market to ensure our company will not lose market share. This challenge has made time the most valuable resource for every software...