Mend: Building a Long-Term Health Plan For Open Source Security
Arabella Hallawell, CMO with Mend, joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss securing assets and attack surface management.
Open-source software enables code review and reuse, but known vulnerabilities and unmaintained dependencies can create cybersecurity risks.
Search across headline titles and summaries.
Background for this topic.
Open source is software whose source code is available under a license that permits use, inspection, modification, and redistribution. It may be developed by a community, an organization, or a small group of maintainers; “open” does not guarantee that the code is actively reviewed, supported, or secure.
For security teams, the main concerns are vulnerabilities in dependencies and the software supply chain: a maintainer account, release process, or package can be compromised, while an unmaintained component may retain known flaws. Public code can enable review and faster fixes, but visibility alone is not a control. Maintain an inventory or SBOM of open-source components, pin and verify versions or signatures where possible, monitor vulnerability advisories, and apply updates through a controlled process.
Arabella Hallawell, CMO with Mend, joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss securing assets and attack surface management.
The lack of understanding around open source poses a threat when legislation is considered. Governments can help by offering funding to help remediate vulnerabilities and supporting in open source's long-term development.
The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution
OT firms construct handy early-warning info-sharing system RSA Conference A group of some of the largest operational technology companies are using this year's RSA Conference as an opportunity to launch an open source early-threat-warning system designed for OT and industrial control systems (ICS) environments. …