Open Source Vulnerability Management

U.S. Government Memo Requires Self-Attestation to Secure Development Practices

U.S. government agencies must now require software suppliers to self-attest that they have adhered to NIST Guidance for secure software development.

A Practical Guide to the SLSA Framework

SLSA is a Google-created framework designed to help organizations improve the integrity of their software supply chains.

Open Source Vulnerability Management

How to Implement the CSRB’s Log4j Security Recommendations

See guidance for implementing the security recommendations in the CSRB's recent report on the Log4j vulnerability.

Inside FOSSA

Announcing the Private Beta of FOSSA Risk Intelligence

We're excited to announce the private beta of FOSSA Risk Intelligence, which will help users harden their software supply chains.

Open Source Vulnerability Management

Understanding and Preventing Dependency Confusion Attacks

Dependency confusion exploits rely on a quirk in certain package managers. See how these attacks can happen, and get guidance on preventing them.

Open Source Vulnerability Management

An Overview of Spring RCE Vulnerabilities

A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.

Developer Perspectives

The Three Pillars of Reproducible Builds

Explore three key principles of designing reproducible builds: repeatable builds, immutable environments, and source availability.

Open Source in the News

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.

Open Source Vulnerability Management

React Security: How to Fix Common Vulnerabilities

Explore several common vulnerabilities that impact React component libraries and see how to remediate them.

Open Source Vulnerability Management

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.

Open Source Vulnerability Management

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.

Open Source Vulnerability Management

Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes

A critical vulnerability has been discovered in Apache Log4J, the popular java open source logging library. Here's what happened and how to fix it.

Open Source Vulnerability Management

DevSecOps 101: Understanding and Implementing DevSecOps Principles

See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.

Open Source in the News

Embedded Malware in NPM: Coa, Rc, Ua-parser

Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.

Open Source Vulnerability Management

Anatomy of a Software Supply Chain Attack

Software supply chain attacks are an increasingly common and dangerous type of cyberattack. Here's how to defend against them.

Open Source Vulnerability Management

Container Image Security and Vulnerability Scanning

Get an overview of today's container image security landscape, including common attack vectors and the importance of vulnerability scanning.

Open Source Vulnerability Management

All About CWE-79: Cross-Site Scripting

CWE-79: Cross Site Scripting (XSS) is one of today's most commonly found vulnerabilities. Here's a look at different types of XSS attacks and how to stop them.

Open Source Vulnerability Management

Application Security for Developers: SCA, DAST, and GitHub Actions

See how tools like SCA and DAST can fuel developer-centric application security, and get step-by-step guidance for using them in GitHub Actions.

Open Source in the News

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report

Dive into the latest data on today's open source security landscape, and see which libraries and languages are most vulnerable to attacks.

Open Source Vulnerability Management

Introducing Open Source Security Management at Enterprise Scale

Today, we are excited to announce the launch of FOSSA Security Management, empowering enterprises to proactively and continuously prevent vulnerabilities from shipping to production and mitigating risk throughout the entire software development lifecycle.