Blog

  • GitLab security vulnerability

    The software security sirens are sounding again, and this time it’s a critical security vulnerability affecting GitLab, one of the open source community’s favorite Git repository hosting services.

    Here’s everything you need to know about the impact of GitLab’s security vulnerability, and what you can do to protect yourself against it.


  • The Real Impact of the WordPress-Wix Fiasco

    3 November 2016

    By Sivan Michaeli


    In the past week, the Internet has been buzzing about WordPress co-Founder Matt Mullenweg’s accusation surrounding Wix’s apparent code theft.

    To cut a long story short, Wix decided to use an open source project for their new product, which was previously released by Automattic (the company behind WordPress). Fast forward four and a half months, and Mullenweg comes out all guns blazing, claiming Wix had not complied with the terms under which their open source project was licensed. What was this license, you may ask? Well, as you might have guessed, it was the famous (or infamous) GNU GPL v2.


  • azure_vs_aws

    Due to the increased agility and reduced costs offered by moving applications from data centers to the cloud, the infrastructure-as-a-service market has really taken off. And as it stands, there are two cloud providers leading the market: Amazon AWS and Microsoft Azure.

    So, let’s find the answer to the question which is on the tips of everyone’s tongues. ‘AWS vs Azure. Which cloud provider comes out on top?’


  • Dirty Cow

    Once again, a serious vulnerability has been found in the kernel of the OS which most servers and smartphones on the planet run on – Linux.

    Not only that, the Dirty Cow vulnerability has been around for 9 years and there are actual indications that it’s being exploited in the wild.

    So, here’s everything you need to know about Dirty Cow and how you can deal with it.


  • 58476612 - paradigm shift or disruption as concept

    The software development process has been shifting left due to the growing challenge of developing and delivering software releases faster and faster. Agile methodologies and new roles, such as DevOps, have been created as a result of this shift.

    Shift left testing has been focused on testing your proprietary code, but what about your open source components? When do you make sure you are not using problematic licenses or shipping known security vulnerabilities in your product?

    Here’s a rehash of all that you need to know about Shift Left practices and how you can shift left your open source auditing.


  • windows_opensource

    I don’t know about you, but I like to play ‘word association’ from time-to-time. Let’s have a quick game now.

    Technology-Computer-Software-Microsoft-Open Source!

    Although it may be hard to believe, Microsoft (once open source’s archnemesis) is now GitHub’s largest open source contributor and open source is truly essential to its market success.

    But, how did we get here? And what can the current Microsoft-open source relationship tell us about the tech giant’s future?


  • open source usage

    WhiteSource has certainly come a long way since it started in 2011.

    In four short years, WhiteSource has become the market leading open source management solution.

    In fact, this week I learnt our customers now trust us with managing over 25,000 projects. A milestone for sure!

    It’s been a wild ride!


  • Top Open Source Security Vulnerabilities

    29 September 2016

    By Jason Levy


    There are thousands of open source security vulnerabilities reported every year, but in the final post of our series, we’re having a run-down of the most talked about (and the ones you should have been talking about…) open source security vulnerabilities of the past year.

    We prioritized the different open source vulnerabilities based on popularity and usage of the affected libraries, CVSS score, and even analyzed the search volume as a parameter for popularity. This means only the nastiest of bugs, which caused a stir in the open source community, made their way into our list.

    Enjoy!


  • Open Source Security Software

    22 September 2016

    By Jason Levy


    When it comes to security standards, open source can feel a bit like the wild west.

    There are no standards to govern open source coding and usage, meaning security vulnerabilities can become too much of a regular occurrence. However, does it have to be this way?

    In the third post of our series, we’re going to be looking at what both initiatives out there and the community at large can do to boost open source security standards.


  • Open Source Vulnerability Management

    15 September 2016

    By Jason Levy


    In last week’s post, we looked at the variety of sources out there for detecting your open source vulnerabilities, and the importance of tracking them all.

    However, once you detect a vulnerability within one of your components, what are the most convenient methods of effective open source vulnerability management?

    Luckily, this is what we will be covering in this week’s post.

