Categories
compliance Mergers & Acquisitions

The Happiest Day of your Life: You are Being Acquired

Imagine, if you will, you (and your team of developers) have invested the last two years building a fantastic new Software as a Service solution, and you have poured blood, sweat, and tears into the development process. Your team of developers has used every trick in the book to build the fastest, most efficient, incredible […]

Categories
compliance DAST open source licensing open source security SAST Software Bill of Materials

Where to put your money first for Security tools. SCA, SAST, or DAST?

Having researched the importance of securing your company’s intellectual property, you have started down the road towards what tools work best for securing it. Let’s look at the three most common tools companies should consider purchasing and where best to allocate your cybersecurity funds. The three most popular tools are SCA, SAST, and DAST.  Software […]

Categories
compliance log4j open source licensing open source security

Security and License Compliance Awareness is the Theme of Open Source 2022

Open-source software is in all software development, and we’ll see even more growth continue in 2022. Every industry vertical uses and develops open-source software, and all businesses are considered software companies. As a result of the pandemic, more businesses offer their products and services online or through apps. The increase in open source adoption and […]

Categories
open source licensing open source security Software Bill of Materials

Measuring Up Software Composition Analysis Tools

The most critical challenge your organization faces when choosing a software composition analysis (SCA) vendor is understanding that some miss up to 60% of the open source, exposing your organization to security and licensing risks. We’re also seeing challenges surrounding the accuracy of the results. A vendor will find some open source but then mismatch […]

Categories
apache log4j open source security

Threatrix Apache Log4j Detection Demonstration

Keeping current with Log4j dependencies and new exploits is a complex and ongoing challenge. Organizations struggle to find the proverbial needle in hundreds of haystacks in a constantly changing environment. Then there is the issue of finding the right security tool to use across numerous applications and networks. Our Truematch technology gives us the unique […]

Categories
log4j open source security

Your Scanner Is Still Missing Log4j

As a result of Log4Shell’s popularity and easy exploitability, its potentially severe impact is tremendous. What has emerged is not just how mainstream it is, but how deeply woven it is into the software we use, and how difficult it is to detect. Log4Shell Detection Because it is common across open source and third-party applications, […]

Categories
cyber attack cybersecurity log4j open source security

The FTC Will Pursue Companies Not Patching Log4j to Protect Customer Data

Log4Shell exploits are present in 17,000 unpatched Log4J packages in the Maven Central ecosystem, posing a significant supply-chain risk. Google security estimates that approximately 17,000 Java packages in the Maven Central repository are vulnerable to Log4j – and that it will take “years” for it to be fixed across the ecosystem.  The Log4j bug impacts […]

Categories
compliance cybersecurity Open Source open source licensing security

What Are the Ingredients for an Accurate SBOM?

The Software Bill of Materials (SBOM) has made quite a stir lately. From President Biden’s executive order to further secure our infrastructure to the NHS in Britain, emulating the mandate to improve security and transparency for England’s healthcare system. Given the sudden popularity of the SBOM and the resulting demand to create one, we feel […]

Categories
open source security Uncategorized

“Set and Forget” Approach to Open Source Software Creates Security and Compliance Risks

According to two recent security research reports* on open source software, internally developed software contains up to 75% of open-source software.  The report also concludes that open-source used within codebases contain on average 158 vulnerabilities and 60% of the codebases have ‘high risk’ open-source vulnerabilities that have been actively exploited. According to research, the three […]

Categories
compliance cybersecurity Open Source

Why Software Supply Chain Security is so Important

How do you know what is really in your software? Open-source software is present in an overwhelming amount of proprietary codebases and public projects. For the global 2000, the question you should be asking is not “ if you are or aren’t using open source code.” The right question is, “what open-source code you’re using, […]