Blog Archive

Open Source Security

3 Jedi-inspired lessons to level up your JavaScript security

May 4, 2022

Vulnerability Insights

Targeted npm dependency confusion attack caught red-handed

April 30, 2022

Open Source Security

C++ in the wild: Which industries use C++?

April 29, 2022

Open Source Security

Under the C: A glance at C/C++ vulnerabilities in Python land

April 28, 2022

Open Source Security

6 Software Composition Analysis (SCA) best practices

April 27, 2022

Open Source Security

6 tips for managing your open source components

April 26, 2022

Vulnerability Insights

An unintimidating introduction to the dark arts of C/C++ vulnerabilities

April 15, 2022

Open Source Security

Spring4Shell extends to Glassfish and Payara: same vulnerability, new exploit

April 8, 2022

Vulnerability Insights

Alert: LaughTilYouCry ransomware sabotages npm package (with puns)

April 1, 2022

Vulnerability Insights

Spring4Shell: The zero-day RCE in the Spring Framework explained

April 1, 2022

Vulnerability Insights

Spring4Shell: What we know about the Java RCE vulnerability

March 31, 2022

Open Source Security

Using the Snyk Vulnerability Database to find projects for The Big Fix

March 30, 2022

Vulnerability Insights

Protestware is trending in open source: 4 different types and their impact

March 22, 2022

Vulnerability Insights

dompdf security alert: RCE vulnerability found in popular PHP PDF library

March 18, 2022

Open Source Security

Build a software bill of materials (SBOM) for open source supply chain security

March 14, 2022

Open Source Security

Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters

February 28, 2022

Vulnerability Insights

Join The Big Fix: a 24-hour livestream dedicated to fixing security vulnerabilities in your projects

February 21, 2022

Open Source Security

Using the Snyk Vulnerability database to identify projects for The Big Fix

February 16, 2022

Vulnerability Insights

Teaming up with Sysdig to deliver developer and runtime Kubernetes security

February 16, 2022

Open Source Security

Case study: Python RCE vulnerability in Celery

February 15, 2022

Open Source Security

SAST and SCA: Better together with Snyk

February 10, 2022

Vulnerability Insights

Log4Shell remediation with Snyk by the numbers

February 5, 2022

Vulnerability Insights

Stranger Danger: Live hack of how a Log4Shell exploit works

January 25, 2022

Vulnerability Insights

Open source maintainer pulls the plug on npm packages colors and faker, now what?

January 9, 2022