As a backbone of software ecosystems, security is a massive driver for acquiring new customers and ensuring they’re able to use software securely. However, maleficent forces have found, and will continue to find, their way into applications regardless of how vast or tall the security gates are. Recently, a critical vulnerability in Apache Log4j, a popular Java …
WhiteSource, an open-source security and management company, today announced that a Log4j remediation preset is now included in both its commercial product and free GitHub developer tool. With this preset, enterprises can find and fix Log4j dependencies, both direct and indirect. WhiteSource is also bringing users a new online research center in order to provide …
SafeLog4j is an open-source tool that can detect and verify vulnerable Log4j applications and protect them. This project comes after a 0-day exploit in the Java logging library Log4j (version 2) was discovered on December 9. The vulnerability resulted in remote code execution by logging a certain string. SafeLog4j works inside an application, blocking the …
Version 3.0 of the open-source io.js fork of the Node.js JavaScript V8 runtime has been released. Now under the auspices of the Node.js Foundation, io.js 3.0 implements changes in buffers for more performant arrays; adds PPC build support and a new dgram error callback; and has changes to freelist, http, the node module, REPL, TLS …