The Log4j zero-day vulnerability known as “Log4Shell” (CVE-2021-44228) was first disclosed on December 9th, 2021, and is getting a lot of well-deserved attention because of its wide reach and high severity. This Log4j vulnerability allows unauthenticated remote code execution and can be weaponized to take complete control of a vulnerable system…
Open Source
How Do I Use Bitbucket Security Scanner?
The code management software Bitbucket helps teams collaborate more cohesively and integrate high-quality code. Core features are available to all Bitbucket users, while the choice between cloud, data center, or self-hosted server deployments determines which additional capabilities a user can access. Bitbucket’s user-friendly interface makes it easy to monitor and track all pull…
Supply Chain Attacks – Defend Against Dependency Substitution and Typosquatting
If you’ve referenced open-source software in your software development process, you’ve relied on code published to public repositories as “packages”. These packages become an attack vector when a malicious actor uses dependency substitution or typosquatting to mount a supply chain attack. Those packages are downloaded and installed by a package manager. Each programming language…
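As an added example that is not part of the original post or the project it describes, the script below audits a requirements list for both attack patterns the teaser names. A dependency-substitution (dependency-confusion) candidate is a name that an organisation publishes only on a private index but that also appears on the public index, unpinned or at a higher version than the pin, since a resolver that consults both indexes would fetch the public copy. A typosquat candidate is a name outside the approved set that closely resembles an approved one. The public index contents, the private package names, the allowlist and the requirements text are all constructed sample data; the similarity threshold is an assumption to be tuned per environment.

```python
"""Flag dependency-substitution and typosquatting candidates in a requirements list.

Added example; the index data, package names and requirements below are constructed
for illustration and do not describe any real registry.
"""
from difflib import SequenceMatcher
import re

# Constructed: versions a public index claims to serve for each name.
PUBLIC_INDEX = {
    "requests": "2.31.0",
    "urllib3": "2.2.1",
    "acme-billing": "99.0.0",   # attacker-registered copy of an internal name
    "reqeusts": "1.0.0",        # typosquat of "requests"
}
# Constructed: names an organisation publishes only on its private index.
PRIVATE_PACKAGES = {"acme-billing", "acme-auth"}
# Constructed: names the organisation has reviewed and approved.
KNOWN_GOOD = {"requests", "urllib3"} | PRIVATE_PACKAGES

SAMPLE_REQUIREMENTS = """
requests==2.31.0
reqeusts              # typo that slipped in
urllib3==2.2.1
acme-billing==1.4.0   # internal, intended to come from the private index
acme-auth==0.9.0
"""


def parse_requirements(text):
    """Return {normalised_name: pinned_version_or_None} from requirements.txt-style lines."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([0-9][0-9A-Za-z.]*))?", line)
        if m:
            # Simplified normalisation: lower-case and treat '_' as '-'.
            deps[m.group(1).lower().replace("_", "-")] = m.group(2)
    return deps


def version_tuple(version):
    """Crude numeric comparison key; non-numeric segments compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def find_substitution(deps, public_index, private_packages):
    """Private names that also resolve publicly, where the public copy would win."""
    findings = []
    for name, pinned in deps.items():
        if name not in private_packages or name not in public_index:
            continue
        public = public_index[name]
        # Unpinned, or out-ranked by the public version: a resolver consulting
        # both indexes picks the public package.
        if pinned is None or version_tuple(public) > version_tuple(pinned):
            findings.append((name, pinned, public))
    return findings


def find_typosquats(deps, known_good, threshold=0.85):
    """Names outside the approved set that closely resemble an approved name."""
    findings = []
    for name in deps:
        if name in known_good:
            continue
        for good in known_good:
            ratio = SequenceMatcher(None, name, good).ratio()
            if ratio >= threshold:
                findings.append((name, good, round(ratio, 2)))
    return findings


def audit(requirements_text, public_index=PUBLIC_INDEX,
          private_packages=PRIVATE_PACKAGES, known_good=KNOWN_GOOD):
    """Run both checks and return the findings together."""
    deps = parse_requirements(requirements_text)
    return {
        "substitution": find_substitution(deps, public_index, private_packages),
        "typosquat": find_typosquats(deps, known_good),
    }


if __name__ == "__main__":
    for kind, hits in audit(SAMPLE_REQUIREMENTS).items():
        for hit in hits:
            print(kind, hit)
```

The substitution check catches the case where an attacker registers an internal package name publicly with an absurdly high version; the durable fix is to pin the private index (or a scoped namespace) as the only source for those names rather than to rely on version pins. The typosquat check is deliberately simple string similarity and will produce false positives for legitimately similar names, so treat its output as a review queue, not a block list.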
Docker Vulnerabilities and Security Risks
Since 2013, Docker has enabled rapid development and deployment of web applications. With its approach to containers, Docker also popularized a way to package and distribute applications as self-contained images. Nonetheless, security is never perfect. With even the most popular Docker images containing vulnerabilities or malware, a hard look at Docker security issues is a wise move…
10 Ways to Make GitHub Safe
Is GitHub safe? The platform is as safe as a developer makes it. Learn about the tips, tools, and tactics to keep projects safe throughout development.
BSD vs MIT License
The BSD vs MIT license contest has a lively history. Learn about the high-stakes gambles and exasperating missteps behind the leading FOSS licenses.
What Is Bower?
What is Bower, and what are the alternatives to this popular but deprecated package manager? Learn the past and future of client-side dependency management.
Things to Worry About in Software M&A
Mergers between and acquisitions of software companies occur frequently in the current tech market. They are a high-stakes process, with a lot on the line for all parties involved. Public companies that conduct software M&A deals must invest their capital wisely to maximize stock value, as the reputation of the company’s…
The Purpose and Process of Software Due Diligence
Software due diligence is a process completed during a merger or acquisition of a software company that analyzes all aspects of the target company, its operations and its product prior to investment or purchase by another company. It is a key step in building trust between the companies, as it is used to determine how…
Managing OSS for Mergers and Acquisitions
In today’s software industry, mergers and acquisitions are common; some in the industry have even called them “the name of the game.” While larger companies often acquire smaller ones, it isn’t at all uncommon for the opposite to occur, so no matter how large or…