Log4Shell Reinforces Need to Prioritize Software Supply Chain Security

Recently discovered and widely reported, the Log4J vulnerability (Log4Shell) affects millions of applications written in Java. Developers have extensively used Log4J as a logger for debugging, reporting and analytics during code development and execution. The Log4J library is widely used, particularly in environments where Apache components are deployed. About the Log4J Vulnerability: The Log4J vulnerability also […]

BluBracket Uncovers Trojan Source Unicode (Bidirectional Algorithm) Vulnerabilities

In this era of fast code deployment and non-stop design-to-deploy, systemic code vulnerabilities can end up being devastating because of the speed at which code is shared via git repositories. The shift left movement has made developers aware of cybersecurity hygiene and best practices. This same movement has sought to give developers more responsibility and […]

Upcoming Live Discussion: Three Steps to Preventing Software Supply Chain Attacks

Tuesday, December 7, 2021, 1:00 PM ET / 10:00 AM PT. On Tuesday, December 7, 2021, BluBracket will be leading a live webinar about the relationship between code security and software supply chain attacks. You are invited to listen in and speak as a panelist while BluBracket’s own Maurice Evans and […]

Linux Foundation Announces Security Enhancements to its LFX Community Platform to Protect Software Supply Chain

More than 720,000 technical contributors and 1,700 member companies have access to security metrics on the LFX platform; tens of millions of developers rely on projects hosted across the platform. Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it […]

Securing Open Source Code with the Linux Foundation

Today we are pleased to announce an important step in our mission to secure code. We have donated a sizable contribution to the LFX security module at the Linux Foundation so that it now includes automatic scanning for secrets in code and non-inclusive language. Our contribution was announced on stage at the Linux Foundation Member Summit today in […]

So Many Repos, So Little Time: Speeding Up Deployments Securely

As we entered 2020, digital transformation was already gathering steam. Once Covid-19 spread, workers went remote and e-commerce and business-to-business transactions went predominantly online. This propelled digital transformation into a raging inferno that led to unprecedented pressure on developer pipelines from incessant business demands for new code functionality and faster updates. Around the same time […]

Lessons from the Twitch leak

Last week Twitch faced the kind of nightmare scenario that every online service hopes to avoid: their source code and database dumps were leaked on the internet and broadly distributed. Database dumps exposed details about their business, everything from user complaints to streamer payouts. And the source code uncovered the inner workings of their service […]

Why Organizations Today Need a Risk-Based Approach to Code Security

We salute October as National Cybersecurity Awareness Month. As we salute National Cybersecurity Awareness Month, we also want to recognize the ongoing increase in application-based software supply chain attacks. The processes that deliver security and protection during software development cycles are disjointed, leading to gaps, vulnerabilities and lots of false positive alerts. This is why […]

How Bill Gates saved Microsoft 20 years ago

Before his career as a philanthropist, Bill Gates was the founder and head of Microsoft, who became as famous for his relentless pursuit of growth as he was for inventing the commercial software market with MS-DOS. By 2001, Microsoft Windows powered over 97% of computers. Internet Explorer 6 was winning the browser wars, and the pre-iPhone […]