While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.
Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.
The integration of the open-source-based Privacera into Dremio’s data lakehouse is designed to let joint enterprise customers manage and organize secure data access.
GitHub also announces CodeQL support for the Ruby programming language, along with coverage and risk overviews to help users secure the software development lifecycle.
Azul Vulnerability Detection promises to eliminate false positives without impacting performance by drawing on monitoring and detection capabilities inside the Azul JVM.
An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...
Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.
Startup Endor Labs comes out of stealth with an end-to-end platform to help CSOs understand and catalogue everything developers are using from the internet.
Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...
Vendors, collectives and governments are contributing to improve the security of open-source code, software, and development amid organizations’ increasing use of open-source resources.