open source security Uncategorized

“Set and Forget” Approach to Open Source Software Creates Security and Compliance Risks

According to two recent security research reports* on open source software, internally developed software contains up to 75% open-source software. The reports also conclude that open-source software used within codebases contains on average 158 vulnerabilities, and that 60% of the codebases have ‘high risk’ open-source vulnerabilities that have been actively exploited. According to research, the three […]

developer Open Source

Happy Developers are Productive Developers

A Development Manager wears many hats. Their responsibilities include overseeing the team’s development of systems, software, and deployments. They are in charge of training, hiring, budgets, and enforcing deadlines. Perhaps their most important role is to improve their developers’ productivity. Developers are the foundation of a company’s software success. A happy developer will be more […]


Cyber Attacks Can Kill Your SMB

Cybersecurity should not only concern large organizations; the size of a company does not matter in today’s cyberspace. No matter their size, companies are at risk of cyberattacks. Many SMBs are unaware that they are at risk of cyberattacks since they do not have the necessary resources to keep up with the latest information on […]

cybersecurity Open Source

Airline Supply-Chain Attacks on The Rise

SITA, a communications and IT vendor for 90% of the world’s airlines, has been breached. Passenger data stored on the company’s U.S. servers has been compromised. Malaysia Airlines sent out an email to their frequent flyer members informing them that there’s “no evidence” their personal data has been misused, but that is highly unlikely. It […]

Open Source

Supply chain attack targets internal apps at tech giants

Alex Birsan, an ethical hacker, discovered a security vulnerability affecting several companies, including Tesla, Apple, Netflix, and Microsoft, by exploiting open-source repositories, which allowed him to run code on their internal systems. The supply chain attack involved uploading malware to open-source repositories including npm, PyPI, and RubyGems that was then distributed downstream. The supply chain […]