all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How bulk pull requests help scale open source bug fixes

Add to bookmarks
March 28, 2023, 3:58 p.m. | ericka@chickowski.com (Ericka Chickowski)

ReversingLabs Blog blog.reversinglabs.com




The complicated tangle of dependencies in modern software development processes make it tricky to identify dangerous flaws hidden in open-source software (OSS) projects. But the bigger bugaboo has been how to issue fixes to vulnerable projects at a scale that can reduce the attack surface across the entire software supply chain.

attack attack surface bug dependencies dev & devsecops development fixes flaws hidden identify issue open source open-source software oss processes projects pull requests requests scale software software development software supply chain software supply chain security supply supply chain vulnerable

Visit resource

More from blog.reversinglabs.com / ReversingLabs Blog

NVD delays highlight vulnerability management woes: Put malware first 20 hours ago | blog.reversinglabs.com
appsec & supply chain security attention change current +16
CycloneDX upgraded for the evolving software supply chain security era 5 days, 18 hours ago | blog.reversinglabs.com
ai development appsec & supply chain security bill bills +25
Where GenAI intersects with threat modeling: 3 key benefits for AppSec 6 days, 20 hours ago | blog.reversinglabs.com
application application security appsec appsec & supply chain security +18
OWASP's LLM AI Security & Governance Checklist: 13 action items for your team 1 week ago | blog.reversinglabs.com
action ai security appsec & supply chain security artificial +15
XZ Trojan highlights software supply chain risk posed by 'sock puppets' 1 week, 5 days ago | blog.reversinglabs.com
appsec & supply chain security attacks compression compromise +28
The state of secrets security: 7 steps to better managing risk 1 week, 6 days ago | blog.reversinglabs.com
appsec & supply chain security complexity development epidemic +16
When GenAI and low-code collide: What could go wrong for AppSec? 2 weeks ago | blog.reversinglabs.com
application application security appsec appsec & supply chain security +22
Malicious helpers: VS Code Extensions observed stealing sensitive information 2 weeks, 6 days ago | blog.reversinglabs.com
administrators attacks code daily +20
SBOMs are now essential: Make them actionable to better manage risk 3 weeks ago | blog.reversinglabs.com
actionable appsec & supply chain security attack attacks +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Operations Analyst

@ Astranis | San Francisco
View on infosec-jobs.com

Manager - Business continuity Security and Safety.Risk and Compliance

@ MTN | Benin
View on infosec-jobs.com

Cyber Analyst, Digital Forensics Incident Response

@ At-Bay | Canada
View on infosec-jobs.com

Technical Product Manager, AppSec and DevSecOps

@ Penn Interactive | Philadelphia
View on infosec-jobs.com

Experienced Cloud Security Engineer (m/f/d) - Cybersecurity

@ MediaMarktSaturn | Barcelona, ES, 8003
View on infosec-jobs.com
View more jobs