
Open Source Vulnerability Management

A collection of 15 posts

Open Source Vulnerability Management

An Overview of Spring RCE Vulnerabilities

A pair of critical remote code execution vulnerabilities impacting Spring were disclosed this week.

  • FOSSA Editorial Team
3 min read
Developer Perspectives

The Three Pillars of Reproducible Builds

Explore three key principles of designing reproducible builds: repeatable builds, immutable environments, and source availability.

  • Kit Martin
7 min read
Open Source in the News

5 Highlights from the U.S. Senate’s Log4J Vulnerability Hearing

The U.S. Senate's hearing on Log4Shell brought to light new information on the Log4J vulnerability and industry's response to it.

  • FOSSA Editorial Team
7 min read
Open Source Vulnerability Management

React Security: How to Fix Common Vulnerabilities

Explore several common vulnerabilities that impact React component libraries and see how to remediate them.

  • Gaya Dissanayake
4 min read
Open Source Vulnerability Management

How to Quickly Find and Remediate Log4J Vulnerabilities (Log4Shell)

See how your organization can quickly identify and remediate Log4J vulnerabilities in your code.

  • Solomon Rubin
3 min read
Open Source Vulnerability Management

How to Fix the New Log4J DoS Vulnerability: CVE-2021-45105

See the impact of the new Log4J denial of service (DoS) vulnerability, and get guidance on how to fix it.

  • Solomon Rubin
2 min read
Open Source Vulnerability Management

Log4J "Log4Shell" Zero-Day Vulnerability: Impact and Fixes

A critical vulnerability has been discovered in Apache Log4J, the popular Java open source logging library. Here's what happened and how to fix it.

  • Solomon Rubin
  • Matthew Schwartz
3 min read
Open Source Vulnerability Management

DevSecOps 101: Understanding and Implementing DevSecOps Principles

See how DevSecOps principles can make software development more secure, and discover strategies for an effective DevSecOps implementation.

  • FOSSA Editorial Team
5 min read
Open Source in the News

Embedded Malware in NPM: Coa, Rc, Ua-parser

Several widely used NPM packages have been struck by malware in recent weeks. Get a deep dive into how the incidents happened and what you can do about them.

  • Gauthami Polasani
  • Solomon Rubin
4 min read
Open Source Vulnerability Management

How to Defend Against Software Supply Chain Attacks

Software supply chain attacks are an increasingly common and dangerous type of cyberattack. Here's how to defend against them.

  • Matthew Schwartz
6 min read
Open Source Vulnerability Management

Container Image Security and Vulnerability Scanning

Get an overview of today's container image security landscape, including common attack vectors and the importance of vulnerability scanning.

  • FOSSA Editorial Team
7 min read
Open Source Vulnerability Management

All About CWE-79: Cross-Site Scripting

CWE-79: Cross Site Scripting (XSS) is one of today's most commonly found vulnerabilities. Here's a look at different types of XSS attacks and how to stop them.

  • FOSSA Editorial Team
6 min read
Open Source Vulnerability Management

Application Security for Developers: SCA, DAST, and GitHub Actions

See how tools like SCA and DAST can fuel developer-centric application security, and get step-by-step guidance for using them in GitHub Actions.

  • Solomon Rubin and Scott Gerlach
6 min read
Open Source in the News

4 Takeaways from the 2021 State of Open Source Vulnerabilities Report

Dive into the latest data on today's open source security landscape, and see which libraries and languages are most vulnerable to attacks.

  • FOSSA Editorial Team
2 min read
Open Source Vulnerability Management

Introducing Open Source Security Management at Enterprise Scale

Today, we are excited to announce the launch of FOSSA Security Management, empowering enterprises to proactively and continuously prevent vulnerabilities from shipping to production and mitigating risk throughout the entire software development lifecycle.

  • Gauthami Polasani
4 min read
  • For the Love of Open Source © 2021 FOSSA, Inc.