Tag Archives: component vulnerabilities

Do you trust your software supplier? Questions to ask yourself – and them!


July 24, 2013 By Jessica Dodson

Ever since I attended the recent Gartner Security & Risk Management Summit, I’ve found myself thinking a lot about whether “you can trust your software supplier”. My colleague wrote about this a bit in a Gartner recap blog and our CEO co-presented on this topic with Curtis Yanko as part of a solution provider session. […]


Good Hygiene Should be a Foundation of Application Security


June 19, 2013 By Ryan Berg

Over the past week, there have been several articles, blog posts and security institutes about the latest release of the OWASP Top 10. Now is the right time to join the discussion. All this chatter doesn’t come as a surprise to me or others that have been long-time participants in the application security space. […]


Is it time for a Nexus Repository Health Check? Come to the Nexus Office Hours to get your Diagnosis.


May 27, 2013 By Jessica Dodson

If your repository contained a jar file with a known vulnerability, how would you know? What would it mean to you to have that sort of visibility into your repository health? This probably isn’t something you consider often since one of the benefits of having a repository manager is enforcing component standards. But as you […]


Vulnerability database infected for at least two months


March 19, 2013 By The Vigilant Application Owner

Downed US vuln catalog infected for at least TWO MONTHS. A vulnerability in Adobe’s ColdFusion software allowed the National Vulnerability Database and other National Institute for Standards and Technology (NIST) Web sites to be infected with malware, prompting NIST to take them offline. Source: http://www.theregister.co.uk/2013/03/14/adobe_coldfusion_vulns_compromise_us_malware_catalog/


NIST National Vulnerability Database down


By The Vigilant Application Owner

Malware identified on two Web servers. The National Institute of Standards and Technology (NIST) took down several of their Web sites, including the National Vulnerability Database (NVD) after malware was found on them. Source: http://news.softpedia.com/news/NIST-National-Vulnerability-Database-DownMalware-Identified-on-Two-Web-Servers-337103.shtml


Browsers downed again on first day of Pwn2Own contest


March 8, 2013 By The Vigilant Application Owner

Major browsers, Java hacked on the first day of Pwn2Own 2013. Researchers participating in the first day of Pwn2Own 2013 discovered security vulnerabilities in Firefox, Chrome, and Internet Explorer 10 Web browsers, as well as in Java. Source: http://news.softpedia.com/news/Major-Browsers-Java-Hacked-on-theFirst-Day-of-Pwn2Own-2013-335279.shtml


Oracle confirms Java 7 Update 15


By The Vigilant Application Owner

Oracle confirms Java 7 Update 15 vulnerability, but researchers are still unhappy. Researchers urged Oracle to reevaluate their submissions of weaknesses in the Java 7 Update 15 after the company acknowledged only one of the two vulnerabilities discovered regarding a full sandbox bypass is a concern, and simply determined the second vulnerability to be accepted […]
