Checkmarx is a Leader in the 2021 Gartner Magic Quadrant for Application Security Testing

Tag: Open Source Analysis

Developer’s Guide to Open Source Spring Cleaning

Spring is here, and after a year filled with record-setting digital transformation and its associated vulnerabilities, now is the right time to give the open source components in your codebase a refresh. For many development teams, today’s open source operations present a ‘mess’ that’s difficult to clean up; often, no one knows how many libraries, third-party components

Read More ›

Exploitable Path – How To Solve a Static Analysis Nightmare

In my previous blog, I walked you through the reasoning and importance of the Exploitable Path feature in Checkmarx SCA solution. We discussed the challenges of prioritizing vulnerabilities in open source dependencies and defined what it means for a vulnerability to be exploitable: The vulnerable method in the library needs to be called directly or

Read More ›

Addressing the Challenges of Open Source Software

Although software is significantly changing our work, home, and personal lives, many don’t realize that today’s software is made up of numerous ingredients. Some of the software we use daily contains pieces of custom code that’s developed internally by an organization, while other pieces of code come from community-driven open source projects that end up

Read More ›

Software Composition Analysis: Why Exploitable Path is Imperative

If you look at the way code is written today vs. a few years back, one of the major changes is the transition to open source. What was once considered an unsafe methodology has grown and matured, and nowadays almost every software project uses open source libraries. Today, software engineers prefer to use existing open

Read More ›

On the Road to DevSecOps: Security and Privacy Controls per NIST SP 800-53

This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which was their final public draft revision. According to the abstract, “This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations,

Read More ›

Jump to Category