Azul Vulnerability Detection promises to eliminate false positives without impacting performance, by drawing on monitoring and detection capabilities inside the Azul JVM.
An open-source program office (OSPO) can act as both gatekeeper and evangelist in an organization’s struggle to ensure ubiquitous open-source components – incredibly useful but vulnerable to bad actors and misuse – are deployed safely...
Most companies believe they are using no open-source software libraries with known vulnerabilities, but new research finds them in 68% of selected enterprise applications.
Startup Endor Labs comes out of stealth with an end-to-end platform to help CSOs understand and catalogue everything developers are using from the internet.
Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...
Vendors, collectives and governments are contributing to improving the security of open-source code, software, and development amid organizations’ increasing use of open-source resources.
Understanding the differences between these widely used software bill of materials format standards is important, but your tools will likely need to support both.
An SBOM is a detailed guide to what's inside your software. It helps vendors and buyers alike keep track of software components for better software supply chain security.
Authorization is an essential and non-trivial need in application development. Modern requirements have only increased the complexity of delivering adequate authorization. Auth0 aims to make authorization more standard and...
Companies are still struggling to gain confidence in the security of their open-source projects, but shifting security earlier in the development process shows promise.