Open Source Vulnerability Management

A collection of 24 posts

Open Source Vulnerability Management

How to Operationalize SBOMs Throughout the SDLC

Explore best practices for getting value from software bill of materials (SBOM) data throughout the software development lifecycle.

  • Kenaz Kwa
4 min read
Open Source Vulnerability Management

OpenSSL Vulnerability 2022: Details and Fixes

Two new high-severity vulnerabilities impacting OpenSSL have been disclosed. Here's what we know about the issues and how to address them.

  • FOSSA Editorial Team
2 min read
Open Source in the News

CVE-2022-42889 Text4Shell Vulnerability: Impact and Fixes

See important details on the Text4Shell vulnerability, including affected versions, how it compares to Log4Shell, and how to identify and remediate it.

  • FOSSA Editorial Team
3 min read
Open Source in the News

Analyzing the Securing Open Source Software Act

A new piece of proposed legislation would direct the U.S. federal government to create a framework for assessing security risks in open source software.

  • FOSSA Editorial Team
4 min read
Open Source Vulnerability Management

U.S. Government Memo Requires Self-Attestation to Secure Development Practices

U.S. government agencies must now require software suppliers to self-attest that they have adhered to NIST Guidance for secure software development.

  • FOSSA Editorial Team
4 min read
Open Source Vulnerability Management

A Practical Guide to the SLSA Framework

SLSA is a Google-created framework designed to help organizations improve the integrity of their software supply chains.

  • John Speed Meyers (Chainguard) and Andy Drukarev (FOSSA)
7 min read
Open Source Vulnerability Management

How to Implement the CSRB’s Log4j Security Recommendations

See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.

  • FOSSA Editorial Team
7 min read
Inside FOSSA

Announcing the Private Beta of FOSSA Risk Intelligence

We're excited to announce the private beta of FOSSA Risk Intelligence, which will help users harden their software supply chains.

  • Gauthami Polasani
2 min read
Open Source Vulnerability Management

Understanding and Preventing Dependency Confusion Attacks

Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.

  • FOSSA Editorial Team
4 min read
Open Source Vulnerability Management

An Overview of Spring RCE Vulnerabilities

A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.

  • FOSSA Editorial Team
3 min read
Developer Perspectives

The Three Pillars of Reproducible Builds

Explore three key principles of designing reproducible builds: repeatable builds, immutable environments, and source availability.

  • Jessica Black
7 min read
Open Source in the News

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.

  • FOSSA Editorial Team
7 min read
Open Source Vulnerability Management

React Security: How to Fix Common Vulnerabilities

Explore several common vulnerabilities that impact React component libraries and see how to remediate them.

  • Gaya Dissanayake
4 min read
Open Source Vulnerability Management

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.

  • Solomon Rubin
3 min read
Open Source Vulnerability Management

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.

  • Solomon Rubin
2 min read
Open Source Vulnerability Management

Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes

A critical vulnerability has been discovered in Apache Log4J, the popular Java open source logging library. Here's what happened and how to fix it.

  • Solomon Rubin
  • Matthew Schwartz
3 min read
Open Source Vulnerability Management

DevSecOps 101: Understanding and Implementing DevSecOps Principles

See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.

  • FOSSA Editorial Team
5 min read
Open Source in the News

Embedded Malware in NPM: Coa, Rc, Ua-parser

Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.

  • Gauthami Polasani
  • Solomon Rubin
4 min read
Open Source Vulnerability Management

Anatomy of a Software Supply Chain Attack

Software supply chain attacks are an increasingly common and dangerous type of cyberattack. Here's how to defend against them.

  • Matthew Schwartz
6 min read
Open Source Vulnerability Management

Container Image Security and Vulnerability Scanning

Get an overview of today's container image security landscape, including common attack vectors and the importance of vulnerability scanning.

  • FOSSA Editorial Team
7 min read
Open Source Vulnerability Management

All About CWE-79: Cross-Site Scripting

CWE-79: Cross Site Scripting (XSS) is one of today's most commonly found vulnerabilities. Here's a look at different types of XSS attacks and how to stop them.

  • FOSSA Editorial Team
6 min read
Open Source Vulnerability Management

Application Security for Developers: SCA, DAST, and GitHub Actions

See how tools like SCA and DAST can fuel developer-centric application security, and get step-by-step guidance for using them in GitHub Actions.

  • Solomon Rubin
6 min read
Open Source in the News

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report

Dive into the latest data on today's open source security landscape, and see which libraries and languages are most vulnerable to attacks.

  • FOSSA Editorial Team
2 min read
Open Source Vulnerability Management

Introducing Open Source Security Management at Enterprise Scale

Today, we are excited to announce the launch of FOSSA Security Management, empowering enterprises to proactively and continuously prevent vulnerabilities from shipping to production and to mitigate risk throughout the entire software development lifecycle.

  • Gauthami Polasani
4 min read
  • For the Love of Open Source © 2023 FOSSA, Inc.