
Tag: Security Vulnerabilities

Why “Shift Left” in DevOps is really “Shift Center”

In an industry full of acronyms and buzz words, the term “shift left” surfaced as a result of organizations waiting to perform software security testing until the end of the development process. The problem here is that the industry still tends to think of developing, testing, and delivering software as if someone was reading a


Recommendations for Friends and Family on Staying Cyber Safe While Working Remotely

The world as a whole is coming together to quell the spread of COVID-19 by limiting social interaction, and in some instances, initiating full quarantines. Schools are closed for weeks, if not longer. Organizations have initiated very strict work from home policies to keep employees safe, and many restaurants and bars are only open for


Training Exposure: Addressing Secure Coding Education in Your Software Security Program

According to the Verizon 2019 Data Breach Investigation Report, 69 percent of the data breaches investigated by Verizon were perpetrated by outsiders, 63 percent were the result of attackers targeting server assets, and nearly 70 percent of breach incidents were caused by attackers targeting vulnerable web applications. Undoubtedly, there is a substantial connection between vulnerable


LeapFrog LeapPad Ultimate Security Vulnerabilities

Protecting our children from the dangers on the internet is something all parents strive for and struggle with. When you find a toy that you think is safe, and will educate and entertain your child, you buy it. Right? That’s why parents bought and continue to buy LeapFrog’s LeapPad Ultimate. The Checkmarx Security Research Team


Adoption Exposure: Your Software Security Needs Integration and Automation

There are many software security solutions available today designed to provide insight into important security issues found during software development. As organizations begin moving forward with DevOps initiatives, are their current Application Security Testing (AST) solutions doing the work they need them to accomplish? If you haven’t integrated AST automatically into your vulnerability detection, triage,


Houston [I mean Bulgaria], we’ve got a problem

Every relationship is built on trust. Trust is at the core of every lasting relationship, whether it’s between family members, between spouses, between organizations and their customers, and even between citizens and their government. At the start of this week, this trust was unfortunately violated in Bulgaria. The data of 5M people was leaked from


Code Exposure: The Vulnerabilities in Your Code & Where They Originate

Typical software applications are comprised of two types of code: custom code created by your internal development teams, and third-party code – often open source – created outside the organization. Until about 10 to 15 years ago, almost all software was custom code, and


A New EU Cybersecurity Regulation and Why It’s Important

On the heels of GDPR and what it meant to the rest of the world outside of the EU, another EU cybersecurity regulation is on the horizon. Most organizations remember the effort taken to meet GDPR compliance irrespective of where they were headquartered or operated their business. The new EU Regulation called the Cybersecurity Act


OpenSSL Vulnerabilities: Takeaways from the Latest Patch

The OpenSSL project this week released a series of patches to combat six vulnerabilities that have been discovered as of late, including two high-severity flaws that would give attackers the ability to decrypt HTTPS traffic, execute malicious code on vulnerable servers, and possibly even cause servers to crash. Ironically, one of the flaws was actually


So You Found A Security Bug – Now What?

Security vulnerabilities are discovered, reported and fixed every day. But how can we more easily learn about them, and how can the white-hat hackers that find them keep their finds organized? “I prefer a world where I have all the information I need to assess and protect my own security,” Bruce Schneier wrote in an essay

