As the software supply chain becomes increasingly complex in today’s interconnected world, securing it becomes more challenging. Supply chain attacks have become more frequent and sophisticated. Organizations must ensure their software is free from open source vulnerabilities while understanding the obligations of the attached licenses. One critical aspect of securing the software supply chain is […]
Tag: #opensourcesecurity
On Oct 25, 2022, The OpenSSL project announced a forthcoming release of OpenSSL (version 3.0.7) to address a critical security vulnerability. This release is now live. The last critical vulnerability in OpenSSL was released in 2016. Our security team has today added this vulnerability to the Threatrix vulnerability database. Vulnerability Details The OpenSSL project has marked this vulnerability as critical […]
The most critical challenge your organization faces when choosing a software composition analysis (SCA) vendor is understanding that some miss up to 60% of the open source, exposing your organization to security and licensing risks. We’re also seeing challenges surrounding the accuracy of the results. A vendor will find some open source but then mismatch […]
As a result of Log4Shell’s popularity and easy exploitability, its potentially severe impact is tremendous. What has emerged is not just how mainstream it is, but how deeply woven it is into the software we use, and how difficult it is to detect. Log4Shell Detection Because it is common across open source and third-party applications, […]
Log4Shell exploits are present in 17,000 unpatched Log4J packages in the Maven Central ecosystem, posing a significant supply-chain risk. Google security estimates that approximately 17,000 Java packages in the Maven Central repository are vulnerable to Log4j – and that it will take “years” for it to be fixed across the ecosystem. The Log4j bug impacts […]
According to two recent security research reports* on open source software, internally developed software contains up to 75% of open-source software. The report also concludes that open-source used within codebases contain on average 158 vulnerabilities and 60% of the codebases have ‘high risk’ open-source vulnerabilities that have been actively exploited. According to research, the three […]