Everyone loves open source, and for good reason. We want to help you use open source and stay secure. Read more to learn how this is achievable!
Open source maintainers give up their own time to create great pieces of free software, which we then use to create business value. In our State of Open Source Security Report, open source consumers and maintainers were asked about their security expertise, actions and sense of ownership—and the results were very mixed.
Bower is no longer the dependency manager of choice for front-end projects. While the open source project is still maintained, its creators decided to deprecate it, and have advised how to migrate to other solutions. In this post, we explain why Bower used to be great, list six reasons why it isn't necessary anymore, and explain how to move on to newer and better technologies.
Today we're excited to launch the 2017 State of Open Source Security Report! The full report is available as a free PDF, and the highlights are collected online.
In this post we review and compare the Apache, BSD and MIT license to see what to use in your own project, and when.
After years of preparation and debate, the General Data Protection Regulation (GDPR) was finally approved by the EU with enforcement starting as early as May 2018, at which time those organisations in non-compliance will face heavy fines. In this post we explain how that impacts companies using open-source and how they can protect themselves.
Earlier this week, we kicked off The State of Open Source Security survey. Our goal is to help all of us understand where we stand when it comes to building and consuming open source in a way that keeps us and the data we hold safe. We’ve made the survey short and to the point—so […]
Equifax, a credit monitoring giant, disclosed last week it was breached, exposing highly personal data of 143 million people, and stated the root cause was vulnerability in Apache Struts, a highly popular Java library. The company fumbled its response to the attack, and keeping our data secure is their responsibility. However, they’re definitely not the […]
The OWASP Top 10 is a well known index of web app security vulnerabilities which is used every day by security professionals, but it doesn't currently take into account how often those vulnerabilities are used by hackers. We dug through security breach records to see which vulnerabilities are exploited most frequently.