Checkmarx Launches Infrastructure as Code Scanning Solution to Secure Cloud-Native Applications: KICS

Tag: Open Source Analysis

Exploitable Path – How To Solve a Static Analysis Nightmare

In my previous blog, I walked you through the reasoning and importance of the Exploitable Path feature in Checkmarx SCA solution. We discussed the challenges of prioritizing vulnerabilities in open source dependencies and defined what it means for a vulnerability to be exploitable: The vulnerable method in the library needs to be called directly or

Read More ›

Addressing the Challenges of Open Source Software

Although software is significantly changing our work, home, and personal lives, many don’t realize that today’s software is made up of numerous ingredients. Some of the software we use daily contains pieces of custom code that’s developed internally by an organization, while other pieces of code come from community-driven open source projects that end up

Read More ›

Software Composition Analysis: Why Exploitable Path is Imperative

If you look at the way code is written today vs. a few years back, one of the major changes is the transition to open source. What was once considered an unsafe methodology has grown and matured, and nowadays almost every software project uses open source libraries. Today, software engineers prefer to use existing open

Read More ›

On the Road to DevSecOps: Security and Privacy Controls per NIST SP 800-53

This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which was their final public draft revision. According to the abstract, “This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations,

Read More ›

Software Security Predictions: What to Watch for in 2019

Software Security Predictions: What to Watch for in 2019

Security breaches regularly made headlines in 2018, while advancements in DevOps, application security testing tools, artificial intelligence, machine learning, cloud adoption, and the Internet of Things raced forward. 2019 promises to be another busy year in technology and digital transformation, but what will that look like for software security? Here are our software security predictions

Read More ›

Jump to Category