software supply chain hygiene
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
Richi Jennings | Buffer Overflow, buffer overflow attack, Buffer Overflow Vulnerabilities, buffer overflows, Chrome, Chromium, edge, Electron, Exploitable Vulnerabilities, Firefox, google, Heap Overflow, libwebp, Open Source and Software Supply Chain Risks, open source software supply chain, open source software supply chain security, opera, SB Blogwatch, secure software supply chain, slack, software supply chain, software supply chain hygiene, software supply chain risk, Software Supply Chain risks, software supply chain security, Software Supply Chain Security Risks, thunderbird, WebP
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
Security Boulevard
Beyond npm Audit to Traverse an Increasingly Complex Dependency Tree
Mike Hoskins | Community Product, FEATURED, Industry commentary, News and Views, Nexus Repository OSS, npm, PyPI, software supply chain hygiene
If you've been immersed in the Node.js/JavaScript community for a while, or even if you are just getting started, you are likely using npm audit to scan package dependencies in your projects. It's ...
Gartner: You Must Assess Overall Software Health and Welfare
Katie McCaskey | 2019 State of the Software Supply Chain Report, FEATURED, Gartner, Industry commentary, News and Views, Product, software supply chain hygiene
Gartner’s recent report, Technology Insight for Software Composition Analysis, makes four open-source security recommendations that companies should consider when determining what type of software composition analysis program they want to have ...
Nexus Lifecycle Now Integrates with Azure DevOps to Secure Software Supply Chains in the Cloud
Michelle Dufty | azure, Cloud, DevOps in the Cloud, FEATURED, Nexus Lifecycle, open source software supply chain, Product, software supply chain hygiene
As more and more software development teams move to the cloud, it is now more important than ever to ensure that only the best open source components make it into a final ...