Log4Shell Reinforces Need to Prioritize Software Supply Chain Security

Recently discovered and widely reported, the Log4J vulnerability (Log4Shell) affects millions of applications written in Java. Developers have used Log4J extensively as a logger for debugging, reporting and analytics during code development and execution. The library is widely deployed, particularly in environments built on Apache components. About the Log4J Vulnerability The Log4J vulnerability also […]

BluBracket Uncovers Trojan Source Unicode (Bidirectional Algorithm) Vulnerabilities

In this era of fast code deployment and non-stop design-to-deploy, systemic code vulnerabilities can be devastating because of the speed at which code is shared via git repositories. The shift-left movement has made developers aware of cybersecurity hygiene and best practices. The same movement has sought to give developers more responsibility and […]
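The Trojan Source technique the title refers to hides Unicode bidirectional formatting characters (overrides and isolates) in comments and string literals so that a code review tool or editor renders the logic in a different order from the one the compiler sees. The scanner below is an added example written for this page, not BluBracket's product code: it flags every bidi control character in a source file by line and column and prints the affected lines with the invisible characters made visible. The sample C snippet is constructed here and mirrors the published "early return in a comment" pattern; the function names are this example's own.

```python
"""Detect Unicode bidirectional control characters hidden in source code.

Trojan Source abuses these formatting characters to make displayed code
differ from what the compiler parses. Any occurrence in a source file is
suspicious, so the scanner reports them all rather than trying to decide
whether a given one is harmless.
"""

# The nine Unicode bidirectional formatting characters involved in the attack.
BIDI_CONTROLS = {
    "\u202a": "LEFT-TO-RIGHT EMBEDDING",
    "\u202b": "RIGHT-TO-LEFT EMBEDDING",
    "\u202c": "POP DIRECTIONAL FORMATTING",
    "\u202d": "LEFT-TO-RIGHT OVERRIDE",
    "\u202e": "RIGHT-TO-LEFT OVERRIDE",
    "\u2066": "LEFT-TO-RIGHT ISOLATE",
    "\u2067": "RIGHT-TO-LEFT ISOLATE",
    "\u2068": "FIRST STRONG ISOLATE",
    "\u2069": "POP DIRECTIONAL ISOLATE",
}


def find_bidi_controls(source: str):
    """Return (line, column, code point, name) for each bidi control found.

    Lines and columns are 1-based so they line up with editor output.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, f"U+{ord(ch):04X}", BIDI_CONTROLS[ch]))
    return findings


def render_visible(line: str) -> str:
    """Replace each bidi control with a visible <U+XXXX> marker for reporting."""
    return "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in line)


def affected_lines(source: str):
    """Return the distinct line numbers that contain at least one bidi control."""
    return sorted({lineno for lineno, _, _, _ in find_bidi_controls(source)})


# Constructed sample (not from any real repository): a comment that a
# bidi-aware renderer displays as an admin check, while the compiler sees
# the printf as unconditional because the whole "if" lives inside comments.
SAMPLE_C = (
    "int main() {\n"
    "    bool isAdmin = false;\n"
    "    /*\u202e } \u2066if (isAdmin)\u2069 \u2066 begin admins only */\n"
    '        printf("You are an admin.\\n");\n'
    "    /* end admins only \u202e { \u2066*/\n"
    "    return 0;\n"
    "}\n"
)

CLEAN_C = "int main() {\n    return 0;\n}\n"


if __name__ == "__main__":
    # Typical use: read each file from the command line and scan it.
    import sys

    sources = {"sample.c (constructed)": SAMPLE_C}
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            sources[path] = fh.read()
    for name, text in sources.items():
        hits = find_bidi_controls(text)
        print(f"{name}: {len(hits)} bidi control character(s)")
        lines = text.splitlines()
        for lineno, col, cp, desc in hits:
            print(f"  line {lineno} col {col}: {cp} {desc}")
        for lineno in affected_lines(text):
            print(f"  {lineno}: {render_visible(lines[lineno - 1])}")
```

A pre-commit hook or CI step can run this over every changed file and fail the build on any finding; legitimate right-to-left text in source is rare enough that an allowlist of specific files is simpler and safer than trying to judge intent per occurrence.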

Linux Foundation Announces Security Enhancements to its LFX Community Platform to Protect Software Supply Chain

More than 720,000 technical contributors and 1,700 member companies have access to security metrics on the LFX platform; tens of millions of developers rely on projects hosted across the platform. Napa Valley, Calif., Linux Foundation Membership Summit, November 2, 2021 — The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced it […]

Securing Open Source Code with the Linux Foundation

Today we are pleased to announce an important step in our mission to secure code. We have made a sizable contribution to the LFX Security module at the Linux Foundation, so that it now includes automatic scanning for secrets in code and for non-inclusive language. Our contribution was announced on stage at the Linux Foundation Member Summit today in […]

So Many Repos, So Little Time: Speeding Up Deployments Securely

As we entered 2020, digital transformation was already gathering steam. Once Covid-19 spread, workers went remote and e-commerce and business-to-business transactions went predominantly online. This propelled digital transformation into a raging inferno that led to unprecedented pressure on developer pipelines from incessant business demands for new code functionality and faster updates. Around the same time […]

Lessons from the Twitch leak

Last week Twitch faced the kind of nightmare scenario that every online service hopes to avoid: its source code and database dumps were leaked on the internet and broadly distributed. The database dumps exposed details about the business, everything from user complaints to streamer payouts, and the source code exposed the inner workings of the service […]

How Bill Gates saved Microsoft 20 years ago

Before his career as a philanthropist, Bill Gates was the founder and head of Microsoft, as famous for his relentless pursuit of growth as for inventing the commercial software market with MS-DOS. By 2001, Microsoft Windows powered over 97% of computers. Internet Explorer 6 was winning the browser wars, and the pre-iPhone […]

Why Developers Need More than SAST and DAST for Real Code Security

When SAST, DAST, IAST etc. are Just Not Enough Once developers find tools that work for them, it is hard to make a change. SAST and the other legacy application security tools are solid tools that work. In the last couple of years, however, the threat landscape has evolved and new vulnerabilities […]

BluBracket to Enable Developer Empowerment – Appoints Casey Bisson Head of Product Growth

We’re excited to announce Casey Bisson has been appointed the Head of Product Growth at BluBracket. BluBracket’s mission is to empower individual developers with the information and tools they need to enhance security across all aspects of their development workflows. BluBracket is on a journey to enable this transformation by helping organizations shift left on […]