Open Source

Everyone loves open source, and for good reason. We want to help you use open source and stay secure. Read more to learn how this is achievable!

JVM Ecosystem Survey 2018

We’re excited to launch a brand new survey, the JVM Ecosystem Survey 2018, in partnership with Java Magazine. And if we reach 2,500 responses, we'll give $2,000 to Devoxx4Kids!

May 8, 2018

What do open source maintainers know about security?

Open source maintainers give up their own time to create great pieces of free software, which we then use to create business value. In our State of Open Source Security Report, open source consumers and maintainers were asked about their security expertise, actions and sense of ownership—and the results were very mixed.

January 16, 2018

Bower is dead, long live npm. And Yarn. And webpack.

Bower is no longer the dependency manager of choice for front-end projects. While the open source project is still maintained, its creators decided to deprecate it, and have advised how to migrate to other solutions. In this post, we explain why Bower used to be great, list six reasons why it isn't necessary anymore, and explain how to move on to newer and better technologies.

December 5, 2017

Announcing the 2017 State of Open Source Security Report

Today we're excited to launch the 2017 State of Open Source Security Report! The full report is available as a free PDF, and the highlights are collected online.

November 16, 2017

Apache license 2.0, MIT license or BSD license: Who is the fairest of them all?

In this post we review and compare the Apache 2.0, BSD and MIT licenses to see which to use in your own project, and when.

November 1, 2017

Announcing Snyk-Powered Linting in Sonar

Earlier this year we ran a test on the top 5,000 URLs on the web and found that 76.6% of them were running a JavaScript library with at least one known security vulnerability. That is a frighteningly large number, which is why we're proud to announce that Snyk now powers the vulnerable JavaScript libraries linter in Microsoft's Sonar, an open-source linting tool for developers.

October 25, 2017

GDPR Compliance and Open Source

After years of preparation and debate, the General Data Protection Regulation (GDPR) was finally approved by the EU, with enforcement starting in May 2018, from which point non-compliant organisations face heavy fines. In this post we explain how that impacts companies using open source and how they can protect themselves.

September 26, 2017

Launching the State of Open Source Security Survey

Earlier this week, we kicked off The State of Open Source Security survey. Our goal is to help all of us understand where we stand when it comes to building and consuming open source in a way that keeps us and the data we hold safe. We’ve made the survey short and to the point—so […]

September 21, 2017

Open source vulnerabilities tripped Equifax, how can you defend yourself?

Equifax, a credit monitoring giant, disclosed last week that it was breached, exposing highly personal data of 143 million people, and stated that the root cause was a vulnerability in Apache Struts, a widely used Java web framework. The company fumbled its response to the attack, and keeping our data secure is their responsibility. However, they’re definitely not the […]

September 11, 2017

Which of the OWASP Top 10 Caused the World’s Biggest Data Breaches?

The OWASP Top 10 is a well-known index of web application security vulnerabilities, used every day by security professionals, but it doesn't currently take into account how often those vulnerabilities are actually exploited by attackers. We dug through security breach records to see which vulnerabilities are exploited most frequently.

May 10, 2017

The Frequency of Known Vulnerabilities in JavaScript Libraries

An interesting whitepaper was released at the 2017 NDSS Symposium discussing a large-scale attempt at determining just how vulnerable client-side JavaScript libraries are. We wanted to share some of our thoughts on the report.

March 9, 2017