Open Source

April 14, 2025

Enterprises across the world are under attack, and it's getting harder for them to defend themselves ... The regulatory pressures facing companies have made a difference. Recent data from Veracode's 2025 State of Software Security (SoSS) report shows that the percentage of applications passing the Open Worldwide Application Security Project (OWASP) Top 10 tests has increased by 63% over the past five years — a significant improvement. More notably, the prevalence of high-severity flaws has been cut in half over the past decade ...

April 10, 2025

Software engineers are currently caught between a rock and a hard place. The rock? They're under record pressure to produce and release new software. The hard place? They're increasingly expected to account for the safety, security and provenance of every single software asset they use in those builds. That's demonstrated in the rise of the Software Bill of Materials (SBOM). These two clashing requirements are a source of great anxiety for software engineers ...

March 11, 2025

Open source software (OSS) is a cornerstone of modern digital infrastructure, driving innovation and supporting applications across industries and regions. With its pervasive use, identifying critical OSS components and addressing their security challenges are vital. The recent Census III Report provides key insights into the OSS ecosystem ...

January 22, 2025

The explosion of open source software consumption, combined with the increasing backlog of critical vulnerabilities and the rise of outside threats, paints an alarming picture of the current state of software supply chain security ...

January 15, 2025

DevOps experts offer predictions on how open source technologies will evolve in 2025 ...

December 05, 2024

The software testing landscape is undergoing a transformative shift, driven by emerging technologies and evolving development practices. Rainforest QA's survey of software engineering leaders reveals new insights into how development teams are approaching end-to-end (E2E) test automation in 2024 ...

December 04, 2024

With the increased prevalence of generative AI, there's a desire to have the same ability to inspect the AI models. Most generative AI models are black boxes, so some vendors are using the term "open source" to set their offerings apart. But what does "open source AI" mean? There's no generally-accepted definition ...

October 31, 2024

The Open Source Security Foundation (OpenSSF) announced an expansion of its free course “Developing Secure Software” (LFD121).

October 02, 2024

Open-source software has injected fun and excitement into the lives of IT professionals and technology hobbyists alike ... Unsurprisingly, open-source software's lineage is complex ... A single open-source project may have thousands of lines of code from hundreds of authors which can make line-by-line code analysis impractical and may result in vulnerabilities slipping through the cracks ...

September 30, 2024

If you are like many developers, your work relies heavily on open source code. But do you ever stop to consider where this code comes from and what motivates the people who write it to keep it maintained and secure? We recently surveyed over 400 open source maintainers to learn more about their work ... Here are a few of the most critical findings we uncovered that impact development teams relying heavily on open source ...

June 27, 2024

The state of application development in 2024 shows further trends toward cloud development, open source, microservices and AI/ML integration according to the 2024 State of Application Development Report from Docker ...

May 13, 2024

Managing and securing your software supply chain is vital to delivering reliable, trusted releases in today's software world. With the constant growth of open-source components, assessing your organization's ability to manage them is crucial. To help you prepare, JFrog compiled a report ...

May 09, 2024

Open source projects thrive on community contributions, but this openness can be a double-edged sword. Consistency, collaboration, and diligence are critical when prioritizing open source security. Still, questions linger about the impact of new trends and developments on OSS security best practices and the wider community ...

April 09, 2024

As companies grapple with the rapid integration of AI into web applications, questions of risk mitigation and security are top of mind. AI-infused coding and secure defaults offer the potential for improved security, but organizations are still challenged with practical steps beyond just writing intent into policies and procedures. Further, there are unique challenges with consumer-facing models not related to work, but something that must be managed as part of the growing attack surface ...

April 08, 2024

Using open source software has many benefits for organizations. It fosters transparency and innovation, provides flexibility and customization, cuts cost on development and enables collaboration among other developers. However, organizations could open themselves up to risks if the open source software isn't developed securely ...

March 18, 2024

Nearly three-quarters of commercial codebases assessed for risk contain open source components impacted by high-risk vulnerabilities, representing a sharp uptick from the previous year, according to the Open Source Security and Risk Analysis (OSSRA) report from Synopsys ...

February 29, 2024

Open source code is the bedrock of modern application development. Many applications are built almost entirely from open source components ... So what should you be looking for when making open source package choices for your applications? Here are ten critical questions to ask yourself before using an open source project ...

February 21, 2024

According to the 2024 State of Open Source Report — from Perforce in collaboration with the Open Source Initiative and the Eclipse Foundation — 95% of respondents say that they have increased or maintained their use of open source in 2023 (33% of those significantly so) ...

October 26, 2023

Companies relying on open-source libraries introduce risks to their end-users, so they're on the hook for thoroughly auditing all software. The internal security principles guiding the auditing process are often called open-source governance. However critical, open-source governance principles can hinder vital development metrics like deployment time. Navigating the balance between organizational imperatives and risk management is thus an ever-more essential — and challenging — aspect of a developer's daily life ...

October 05, 2023

In 2023, twice as many software supply chain attacks took place as in 2019-2022 combined, according to the State of the Software Supply Chain Report ...

April 25, 2023

In mid 2022, the Open Source Software Security Foundation (OpenSSF) launched a 10-point plan to promote and improve the security of open source software. Here are their observations in combination with our own ...

April 24, 2023

Open source isn't a strategy, it's a philosophy of collaboration. It's the fabric of millions of commercial projects in industries like FinTech, IT and AI. But there's something curious about open source — it makes up the majority of codebases, so surely the packages have hundreds of eyes keeping watch on their security posture? Unfortunately not ...

April 19, 2023

Open-source software (OSS) constitutes over 70% of all software, and a new report — What's in Your Open-Source Software? — compiled by Lineaje Data Labs, uncovers the inherent risk and ease of software supply chain tampers in the Apache Software Foundation's most popular products and their dependencies ...

March 21, 2023

While open source is no more or less vulnerable than any other type of software, vulnerabilities in the open source supply chain cannot be managed in the same way as the software an organization creates in-house or purchases from a commercial vendor. There are several reasons why ...

January 11, 2022

As part of the 2022 DevOps Predictions list, DEVOPSdigest asked industry experts how they think cloud will evolve and impact DevOps in 2022. This is Part 2 ...
