Infosecurity-magazine.com

Transitive Dependencies Account for 95% of Bugs

Nearly all (95%) open source vulnerabilities are found in transitive or indirect dependencies, according to a new report from Endor Labs that highlights the challenges of remediation in these ...
Forbes

The Hidden Risk Lurking In The Software Supply Chain: Transitive Open-Source Dependencies

Varun Badhwar is CEO & Co-Founder at Endor Labs. Previously, he built Prisma Cloud for Palo Alto Networks following the RedLock acquisition. Packages arriving late, stores out of stock or overstocked, ...
VentureBeat

Why your organization needs a software bill of materials

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More The recent Log4j vulnerability has exposed systemic problems in how ...
PC Magazine

transitive dependency

An indirect relationship between data elements in a database. For example, social security number is a transitive dependency of date-of-birth (SSN->DOB), because it is dependent on name (SSN->NAME), ...
TechRepublic

Open source code for commercial software applications is ubiquitous, but so is the risk

Open source code for commercial software applications is ubiquitous, but so is the risk Your email has been sent It was almost exactly one year ago that experts found ...
InfoQ

Ruiz and Almiray at Devoxx UK: Lessons on How to Escape the Maven Dependency Hell

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
CSOonline

Google launches dependency API and curated package repository with security metadata

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming ...
TechCrunch

To prevent cyberattacks, the government should limit the scope of a software bill of materials

The May 2021 executive order from the White House on improving U.S. cybersecurity includes a provision for a software bill of materials (SBOM), a formal record containing the details and supply chain ...