Blog

  • Getting Jiggy With the Open Source Community

    2 February 2017

    By David Thompson

    Open source has long been an integral part of how software teams build software, but still, most of us are not leveraging all the benefits the open source community has to offer by effectively engaging with it. Most companies, knowingly or not, are passing up a golden opportunity to improve their software products and…


    Read More
  • open source audit

    Open Source Audit. Three words that can make a big difference to the continued success of your organization.

    But when is the right time to start one, and why is it so important anyhow?

    Find the answers to these questions and more in this week’s post.


    Read More
  • White Hat Hacking – Not What You Expect

    19 January 2017

    By Patricia Johnson

    Shellshock. Dirty Cow. Drown.

    When it comes to finding nasty security vulnerabilities such as the above in the open source projects we all know and love, White Hats provide project managers with an important service.

    But what motivates White Hat hackers to take the time to prod and probe our software, looking for bugs? Money? Fame? Glory? Well, you might be surprised to learn that it’s something else entirely.


    Read More
  • open source software licenses

    With the recent WordPress-Wix fiasco and Oracle and Google’s never-ending battle over Java’s APIs, copyleft open source software licenses remain a hot topic.

    To understand which way the wind is blowing in regards to open source licenses, we here at WhiteSource decided to conduct comprehensive research into which license types are currently in use by the community.


    Read More
  • open source logos

    Ever wanted to know the stories behind the logos of some of our favorite open source tools and technologies out there? Well, we here at WhiteSource are all about open source!

    In this week’s post, we’ve done a bit of digging, and found the meaning behind some of the logos we all know and love.


    Read More
  • PHPMailer vulnerability

    If you don’t think you’ve used PHPMailer, you’re probably wrong. In fact, 9 million sites out there use the code libraries to handle such tasks as submitting emails, registration forms, password reset emails, etc.

    Consequently, you might not be too pleased to hear that a vulnerability has been discovered affecting one of the libraries’ components, leaving millions of websites open to attack.

    Are you affected, and what should you do if you are? Read more to find out.


    Read More
  • application security testing

    With around 85% of all cyber-attacks happening at the application layer, it’s clear that application security testing should be a serious priority for all organizations, big and small. But why are application level attacks so common?

    More importantly, what security testing tools are on offer to protect your applications, and in which stages of your SDLC should you use them?


    Read More
  • Open Source Compliance: The Carrot and the Stick

    8 December 2016

    By Patricia Johnson

    Open source has become central to how companies develop software products, as it dramatically reduces time to market. The surprising thing is that, despite its high usage and popularity, many people in our industry are still nervous when it comes to using open source, especially around open source compliance.

    This hesitance is mainly due to a misunderstanding of how open source compliance is enforced. So, what can we as a community do to allay their fears and promote the benefits of open source compliance?


    Read More
  • story open source management

    A day in the life of Dave and Mike

    Dave is a lean, mean, highly organized machine, whereas Mike is more relaxed about his affairs. Consequently, you can probably guess who’s usually ahead of the curve when it comes to dealing with challenging situations.

    Believe it or not, these two guys can tell us a lot about the benefits of using an automated open source management solution.


    Read More
  • scanners2

    Back in 2002, a startup named Black Duck Software pioneered an automated way to search for and identify open source code that was introduced by developers. In a nutshell, the method was based on scanning the code and identifying pieces of code (aka snippets) that resemble code that appears in known open source components. The user is then alerted to the similarity and should check each such instance. Soon, a few other vendors offered a code scanning solution to the open source discovery challenge (e.g., Protecode, Palamida, and Open Logic).

    Over time, it became clear that scanning is not as easy and automated as one may think. In addition, this technology no longer fits with today’s agile development environment.


    Read More