Open Source

October 31, 2024

The Open Source Security Foundation (OpenSSF) announced an expansion of its free course “Developing Secure Software” (LFD121).

October 02, 2024

Open-source software has injected fun and excitement into the lives of IT professionals and technology hobbyists alike ... Unsurprisingly, open-source software's lineage is complex ... A single open-source project may have thousands of lines of code from hundreds of authors which can make line-by-line code analysis impractical and may result in vulnerabilities slipping through the cracks ...

September 30, 2024

If you are like many developers, your work relies heavily on open source code. But do you ever stop to consider where this code comes from and what motivates the people who write it to keep it maintained and secure? We recently surveyed over 400 open source maintainers to learn more about their work ... Here are a few of the most critical findings we uncovered that impact development teams relying heavily on open source ...

June 27, 2024

The state of application development in 2024 shows further trends toward cloud development, open source, microservices and AI/ML integration according to the 2024 State of Application Development Report from Docker ...

May 13, 2024

Managing and securing your software supply chain is vital to delivering reliable, trusted releases in today's software world. With the constant growth of open-source components, assessing your organization's ability to manage them is crucial. To help you prepare, JFrog compiled a report ...

May 09, 2024

Open source projects thrive on community contributions, but this openness can be a double-edged sword. Consistency, collaboration, and diligence are critical when prioritizing open source security. Still, questions linger about the impact of new trends and developments on OSS security best practices and the wider community ...

April 09, 2024

As companies grapple with the rapid integration of AI into web applications, questions of risk mitigation and security are top of mind. AI-infused coding and secure defaults offer the potential for improved security, but organizations are still challenged with practical steps beyond just writing intent into policies and procedures. Further, there are unique challenges with consumer-facing models not related to work, but something that must be managed as part of the growing attack surface ...

April 08, 2024

Using open source software has many benefits for organizations. It fosters transparency and innovation, provides flexibility and customization, cuts cost on development and enables collaboration among other developers. However, organizations could open themselves up to risks if the open source software isn't developed securely ...

March 18, 2024

Nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities, representing a sharp uptick from the previous year, according to the Open Source Security and Risk Analysis (OSSRA) report from Synopsys ...

February 29, 2024

Open source code is the bedrock of modern application development. Many applications are built almost entirely from open source components ... So what should you be looking for when making open source package choices for your applications? Here are ten critical questions to ask yourself before using an open source project ...

February 21, 2024

According to the 2024 State of Open Source Report — from Perforce in collaboration with the Open Source Initiative and the Eclipse Foundation — 95% of respondents say that they have increased or maintained their use of open source in 2023 (33% of those significantly so) ...

October 26, 2023

Companies relying on open-source libraries introduce risks to their end-users, so they're on the hook for thoroughly auditing all software. The internal security principles guiding the auditing process are often called open-source governance. However critical, open-source governance principles can hinder vital development metrics like deployment time. Navigating the balance between organizational imperatives and risk management is thus an ever-more essential — and challenging — aspect of a developer's daily life ...

October 05, 2023

In 2023, twice as many software supply chain attacks took place as 2019-2022 combined, according to State of the Software Supply Chain Report ...

April 25, 2023

In mid-2022, the Open Source Software Security Foundation (OpenSSF) launched a 10-point plan to promote and improve the security of open source software. Here are their observations in combination with our own ...

April 24, 2023

Open source isn't a strategy, it's a philosophy of collaboration. It's the fabric of millions of commercial projects in industries like FinTech, IT and AI. But there's something curious about open source — it makes up the majority of codebases, so surely the packages have hundreds of eyes keeping watch on their security posture? Unfortunately not ...

April 19, 2023

Open-source software (OSS) constitutes over 70% of all software, and a new report — What's in Your Open-Source Software? — compiled by Lineaje Data Labs, uncovers the inherent risk and ease of software supply chain tampers in the Apache Software Foundation's most popular products and their dependencies ...

March 21, 2023

While open source is no more or less vulnerable than any other type of software, vulnerabilities in the open source supply chain cannot be managed in the same way as the software an organization creates in-house or purchases from a commercial vendor. There are several reasons why ...

January 11, 2022

As part of the 2022 DevOps Predictions list, DEVOPSdigest asked industry experts how they think cloud will evolve and impact DevOps in 2022. This is Part 2 ...

April 15, 2021

Teams have made great strides to support the shift toward digital-focused solutions and capabilities, but the clock is ticking for those companies that are lagging in their digital innovation efforts. In Kong Inc.'s second annual Digital Innovation Benchmark, 51% of the 400 IT leaders surveyed in the US and Europe believe that their organization can only survive up to three years before going out of business or being absorbed by a competitor if they are unable to keep up with digital innovation ...

December 14, 2020

Industry experts offer thoughtful, insightful, and often controversial predictions on how DevOps and related technologies will evolve and impact business in 2021. Part 3 covers DevOps tools and automation ...

January 16, 2020

2020 will mark a tipping point in cloud, as new applications and software will become "cloud first" — and technology that avoids the cloud will increasingly be seen as a costly oddity ...

October 10, 2019

Given the collaborative, transparent nature of open source software, one of the best ways to determine what's driving the industry — and what stands to impact it in years to come — is to simply notice what everyone is talking about. In reviewing the speaker proposal data from O'Reilly's Open Source Software Conference (OSCON), we were able to determine how interest in popular open source software topics has evolved, how industry professionals are approaching and interpreting them, and which tools are becoming increasingly prevalent. Below are three core findings that are indicative of where open source software is headed ...

May 29, 2019

It's become common practice to use open source languages to code, helping companies iterate and release more quickly in a DevOps world. However, these languages bring some challenges with them, adding complexity and risk. Developers are still wasting time on retrofitting languages to comply with enterprise criteria, according to ActiveState's annual developer survey ...

December 03, 2018

ActiveState surveyed developers and programmers in 92 countries to better understand their pain points and assess how businesses can better work with their organizations. The survey results establish a starting point for understanding the challenges that coders confront when working with open source runtimes ...

September 13, 2018

"Our research provides compelling evidence that smart investments in technology, process, and culture drive profit, quality, and customer outcomes that are important for organizations to stay competitive and relevant -- both today and as we look to the future," said Dr. Nicole Forsgren, co-founder and CEO of DevOps Research and Assessment (DORA), referring to the organization's latest report Accelerate: State of DevOps 2018: Strategies for a New Economy ...
