Tag Archives: component vulnerabilities

2,600 Take Our “Achy Breaky Heartbleed” Survey


April 15, 2014 By Derek Weeks
The effects of Heartbleed on open source development survey

It turns out, our timing could not have been better. As bad fortune would have it, or perhaps it was luck, the Heartbleed bug was announced on April 7th and the notice went viral almost immediately. During that first week of April (pre-Heartbleed notice), we had over 1,500 participants in the survey. Post-Heartbleed, we have had another 1,100+ participate.


Do you trust your software supplier? Questions to ask yourself – and them!


July 24, 2013 By Jessica Dodson

Ever since I attended the recent Gartner Security & Risk Management Summit, I’ve found myself thinking a lot about whether “you can trust your software supplier”. My colleague wrote about this a bit in a Gartner recap blog and our CEO co-presented on this topic with Curtis Yanko as part of a solution provider session. […]


Good Hygiene Should be a Foundation of Application Security


June 19, 2013 By Ryan Berg

Over the past week, there have been several articles, blog posts and security institutes about the latest release of the OWASP Top 10. Now is the right time to join the discussion. All this chatter doesn’t come as a surprise to me or others that have been long-time participants in the application security space. […]


Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.


May 27, 2013 By Jessica Dodson

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This probably isn’t something you consider often, since one of the benefits of having a repository manager is enforcing component standards. But as you […]


Vulnerability database infected for at least two months


March 19, 2013 By The Vigilant Application Owner

Downed US vuln catalog infected for at least TWO MONTHS. A vulnerability in Adobe’s ColdFusion software allowed the National Vulnerability Database and other National Institute for Standards and Technology (NIST) Web sites to be infected with malware, prompting NIST to take them offline. Source: http://www.theregister.co.uk/2013/03/14/adobe_coldfusion_vulns_compromise_us_malware_catalog/


NIST National Vulnerability Database down


By The Vigilant Application Owner

Malware identified on two Web servers. The National Institute of Standards and Technology (NIST) took down several of their Web sites, including the National Vulnerability Database (NVD) after malware was found on them. Source: http://news.softpedia.com/news/NIST-National-Vulnerability-Database-DownMalware-Identified-on-Two-Web-Servers-337103.shtml


Browsers downed again on first day of Pwn2Own contest


March 8, 2013 By The Vigilant Application Owner

Major browsers, Java hacked on the first day of Pwn2Own 2013. Researchers participating in the first day of Pwn2Own 2013 discovered security vulnerabilities in Firefox, Chrome, and Internet Explorer 10 Web browsers, as well as in Java. Source: http://news.softpedia.com/news/Major-Browsers-Java-Hacked-on-theFirst-Day-of-Pwn2Own-2013-335279.shtml
