Topic: open source security

SD Times news digest: OpenSSF lays out new technical vision, Anchore and GitLab on DevSecOps, and ActiveState’s new funding for security-first development

Since its inception last year, the Open Source Security Foundation (OpenSSF) community has been focused on helping developers use and share high-quality software with security handled proactively. As a continuation of this commitment, the foundation is creating a Criticality Score as well as a security metrics dashboard for open-source projects that will help prioritize which open-source …

Report: Organizations are taking too long to apply open-source security patches

A recent report found that while open-source software is top of mind for organizations, they fail to apply security patches in a timely manner. The DevSecOps Practices and Open Source Management in 2020 report by the Synopsys Cybersecurity Research Center found 51% of respondents take up to two to three weeks on average to apply …

Linux Foundation to improve open-source security with new initiative

The Linux Foundation has announced a new collaboration effort to improve open-source security. The Open Source Security Foundation (OpenSSF) aims to consolidate industry efforts with targeted initiatives and best practices. According to the Linux Foundation, OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all …

The Linux Foundation reveals the most commonly used open-source software components

The Linux Foundation is addressing structural and security complexities in today’s software supply chains with the release of ‘Vulnerabilities in the Core,’ a preliminary report and Census II of open-source software. The report was put together by the Linux Foundation’s Core Infrastructure Initiative and the Laboratory for Innovation Science at Harvard (LISH). …

Code analysis tool Semmle joins GitHub

The code analysis platform provider Semmle wants to expand its reach with the announcement that it is joining GitHub. Together, the companies will work on addressing a big issue in open-source software: security. “Software security is a community effort; no single company can find every vulnerability or …

A managed open-source approach can improve the health of your open-source supply chain

The rise in attacks against the software supply chain is one outgrowth of vulnerabilities in open-source code that go unnoticed and therefore unpatched, a problem that has escalated despite the best efforts of enterprise development teams. As many recent high-profile breaches have underscored, it takes little for an overlooked patch to wreak havoc. Even those …

Going to school on open-source security

Open-source software forms the backbone of most modern applications. According to the 2018 Black Duck by Synopsys Open Source Security and Risk Analysis Report, 96 percent of the 1,100 commercial applications that the company audited for the survey contained open-source components, with each application containing an average of 257 open-source components. In addition, on average, …