Open source software is a critical component of modern applications, but it also introduces security risks that must be managed effectively. For Software Engineering and Information Security Managers, balancing vulnerability remediation with development speed can be challenging, especially when adopting new security tools. While the initial learning curve may seem steep, refining software development processes…
Continue ReadingDevOps
Industry News
Fidelity says data breach exposed personal data of 77,000 customers
Internet Archive hacked, data breach impacts 31 million users
Water supplier American Water Works says systems hacked
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links
SEC Charges SolarWinds and CISO with Fraud, Internal Control Failures
Application Security Guide for Startups, SMBs, and Growing Teams
Startups, small businesses (SMBs), and growing software development teams operate in fast-paced environments where security and compliance can be overlooked in favor of rapid development and allocating resources elsewhere. However, building application security and regulatory compliance into your software development practices from the start is critical to building customer and stakeholder trust, avoiding legal issues,…
Continue ReadingTen Tips to Protect Your Dev Team from Business Interruptions
In today’s fast-paced digital world, development teams are constantly under pressure to deliver innovative solutions. However, technical audits, business compliance requirements, and IT governance policies can create unexpected interruptions that disrupt workflows and slow progress. Here are ten tips to protect your development team from these business interruptions by integrating security and compliance into their…
Continue ReadingReducing False Positives and Developer Toil in Application Security
False positives in application security can be a major source of frustration for development teams, leading to wasted time, unnecessary work, and reduced trust in security tools. However, it’s important to differentiate between true false positives and developer toil caused by inefficient security processes. Understanding this distinction helps teams focus on real security threats while…
Continue ReadingThe CTO’s Guide to Practical DevSecOps
CTOs know that in 2025, software security involves more than checking a box; it’s a set of practices, tools, and most importantly, a mindset that’s built into your software development process. Whether you’re leading dozens of software engineers, or have dozens of software engineering teams, the people you rely on most to protect your business…
Continue ReadingGetting the Most Out of SCA
Software Composition Analysis (SCA) is an important practice in modern software development, enabling teams to manage and secure the open-source components within their applications. By effectively utilizing SCA tools, such as SOOS’s Software Composition Analysis, you can identify vulnerabilities, ensure license compliance, and maintain the integrity of your software to avoid costly security, business, and…
Continue ReadingSOOS Community Edition is Totally Free!
SOOS’s new Community Edition is a totally free version of our software composition analysis (SCA) tool available to educational users and all developers working on open source projects. That’s FREE, as in beer. Free Vulnerability Scanner Now you can access the most practical and effective supply chain security tool available, at no cost. Identify and…
Continue ReadingSOOS Year in Review
We’ve had an exciting year at SOOS. We want to thank all of our customers for a great 2022, and an even better 2023!
Continue ReadingSBOMs to Be Required for Software Developers Who Do Business with the Federal Government
In May of 2021, the Biden Administration issued a new and aggressive mandate to all government agencies to ratchet up cybersecurity. As a result, we can expect to see an SBOM requirement for all software developers doing business with the Federal Government. EO 14028, The Executive Order Improving the Nation’s Cybersecurity, is a broad and…
Continue ReadingTop 10 Open Source Software Security Breaches
The programming world needs to cope with the continual rise of data breaches and coding vulnerabilities every year. Despite the sustained effort to perfect coding languages and programs, programmers will always fall on either side of the spectrum of good or bad, meaning that black-hat coders are constantly searching for weaknesses in software and systems….
Continue Reading