Tag: CVE
How Open Source Dependency and Repo Attacks Compromise DevOps Pipelines and How to Stay Safe
Modern applications rely on open source components for up to 90% of their code, creating a vast attack surface dominated by malicious supply chain injections. High-profile incidents like Log4j and the sabotage ...
Open-Source Software Community Riled by Yet Another CVE
Another maintainer of an open-source software project has decided to no longer actively update IP address parsing utilities used widely by JavaScript developers ...
Standardize: It’s Not the Where. Sometimes it’s Not the What
In our industry’s attempts to follow best practices that marketers assure us we must have or we are going to lose to our biggest competitor … No, wait, we’ll lose to that ...
WhiteSource Report Finds NPM Vulnerabilities Fixed Fast
WhiteSource today published a report that found most of the vulnerabilities that affect node package managers (NPMs), widely employed to deploy JavaScript applications, are addressed long before they are assigned a Common ...
ClickShare Vulnerabilities May Have Been Patched, But They Mask a Much Bigger Problem
I think we can all recall a time in recent memory where, in a meeting or at a conference, someone has had issues with presentation technology. It happens so often that there ...

