Open Source and Software Supply Chain Risks
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings | Apiiro, App Sec & Supply Chain Security, AppSec & Supply Chain Security, dependency confusion, dependency confusion attacks, GitHub, github application security, github bug, GitHub Exploit, GitHub repositories, GitHub Security Measures, github security scanning, GitHub Security Vulnerabilities, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, repo confusion, SB Blogwatch, secure software supply chain, software supply chain, software supply chain attack, software supply chain attacks, software supply chain automation, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Weaknesses, supply chain, supply chain security, Supply-Chain Insecurity
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi
Richi Jennings | BIOS, CVE-2023-40547, Enterprise Linux and Open Source, Linux, open source, Open Source and Software Supply Chain Risks, open source code, Open Source Community, open source components, open source development, Open Source Ecosystem, SB Blogwatch, secure boot, shim, UEFI, UEFI Failing, UEFI vulnerabilities
Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
Richi Jennings | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Black Duck audits reporting update: Streamlined view of risks and remediation steps
Emmanuel Tournier | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance
New Synopsys Black Duck® engagement summary report summarizes a breadth of insights across all domains of software due diligence. Introducing the new engagement summary report Synopsys is offering a new Black Duck® ...
The parallels of AI and open source in software development
Phil Odence | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance
Parallels between the history of open source and the rise of AI in software development can teach us valuable AppSec lessons ...
The rise of AI in software development
Phil Odence | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance
Generative artificial intelligence tools are changing the world and the software development landscape significantly. Our webinar series will help you understand how ...
Why nontechnical organizations need due diligence
Don Mulrenan | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance
Software impacts tech and nontech businesses alike, which is why a strategic acquirer or PE firm always needs due diligence. ...
Defending against malicious packages in the npm ecosystem and beyond
Fred Bals | Managing security risks, Open Source and Software Supply Chain Risks, Software Composition Analysis
Learn how to shield your organization from the danger of malicious packages in the npm ecosystem and beyond. ...
2023 OSSRA deep dive: High-risk vulnerabilities
Fred Bals | Open Source and Software Supply Chain Risks, Open source license compliance, Software compliance quality and standards
The 2023 OSSRA report indicates that organizations are failing to patch high-risk vulnerabilities; our vulnerability deep-dive shows how to evaluate your own risk. ...
FDA: SBOMs requirement for connected medical devices
Julie Courtnay | M&A and OSS license compliance, Mergers and acquisitions due diligence, Open Source and Software Supply Chain Risks, Open source license compliance
With FDA requirements mandating a cybersecurity bill of materials (CBOM) for medical devices, consider partnering with a trusted SBOM solution provider ...