BluBracket’s new filtering experience cuts through the noise

When BluBracket launched, we were focused on being the best tool to find risks in code and related to code—as we describe it: what’s in your code, who has access, and where it’s going. But our work with companies ranging from nimble five-person startups to enterprises at the top of the Fortune 100 has taught […]

Why we joined forces with Snyk

Yesterday we joined Snyk’s new Technical Alliance Partnership Program as a founding member and announced that we will integrate Snyk Open Source into our BluBracket Code Security Suite. As a relatively young company, this is a big commitment and one that as CEO I don’t take lightly. But the value proposition for our customers is […]

Your source code is vulnerable, here’s what hackers are looking for

The biggest news of the spring season so far has been of a slap, a hostile takeover bid, a devastating series of source code dumps by a heretofore unknown hacking group, and now a hacked batch of OAuth tokens leading to yet more source code leaks. Of all of those, the source code leaks might […]

What kind of security tools should I provide to developers?

Dark Reading features an article from BluBracket’s VP of Product and Developer Relations on how security professionals should help their developers write secure code. One tip: “Use pre-commit hooks to scan for secrets and other code risks before they get into code. A secret in code is a secret told. Blocking secrets at the source […]

Introducing improved risk detail display and management workflows

Today we’re introducing improved risk details display and workflows in BluBracket Code Security. Our early testers have described these as a huge improvement in their ability to quickly and efficiently review and act on risks. We developed these improvements in collaboration with our design partners, with feedback from our enterprise customers representing over $100 billion […]

Cybersecurity & information security resources I used in 2021

Hey! My name is Alexandria, and I am a Developer Advocate intern at BluBracket. At BluBracket, I’ve had the opportunity to work with a fantastic team and learn in public all things related to code security. To me, “Learning in public” means sharing the resources I’ve used on my journey. So here’s a list of […]

Software Supply Chain - Still a Vulnerability for our Critical Infrastructure

From Stuxnet to Colonial Pipeline: Although more than a decade has gone by, Stuxnet is regarded as the incident that initiated the use of a malware delivery platform that could deploy multiple 0-day attacks simultaneously. Since then, a series of attacks with monikers like Duqu and Flame evolved, sometimes called the sons-of-Stuxnet. In some ways […]

Log4Shell Reinforces Need to Prioritize Software Supply Chain Security

Recently discovered and widely reported, the Log4J vulnerability (Log4Shell) affects millions of applications written in Java. Developers have extensively used Log4J as a logger for debugging, reporting and analytics during code development and execution. The Log4J library is widely used, particularly in environments where Apache components are deployed. About the Log4J Vulnerability: The Log4J vulnerability also […]

BluBracket Uncovers Trojan Source Unicode (Bidirectional Algorithm) Vulnerabilities

In this era of fast code deployment and non-stop design-to-deploy, systemic code vulnerabilities can end up being devastating because of the speed at which code is shared via git repositories. The shift left movement has made developers aware of cybersecurity hygiene and best practices. This same movement has sought to give developers more responsibility and […]