Managing Transitive Vulnerabilities
Transitive vulnerabilities are developers’ most hated type of security issue, and for good reason. It’s complicated enough to monitor for and fix direct vulnerabilities throughout the software development lifecycle (SDLC). When software is dependent on third-, fourth-, and Nth-party components (and most software is), the long tail of risk can seem endless. To understand transitive vulnerabilities, […]
Effective Incident Response: A Cybersecurity Playbook for Executives
This cybersecurity playbook is inspired by David Cross’s insights on how to best handle a potential incident that could have been caused by what seemed to be a suspicious email sent to a marketing team. He recently shared his recommendations on CyberOXtales Podcast, highlighting the importance of having a clear playbook for incident response, determining […]
Unpacking Log4j: A Cybersecurity Playbook for Executives
This cybersecurity playbook is inspired by Amy Chaney’s experience with a major cybersecurity event that rattled the industry not too long ago: the infamous Log4Shell vulnerability. She recently shared her firsthand account on CyberOxTales Podcast of being in the thick of things at JPMorgan Chase during the crisis. From understanding the intricacies of vulnerabilities to […]
Press Release: OX Security and HCLSoftware Announce Strategic Partnership to Launch AppScan Supply Chain Security
New OEM Capabilities Empower Organizations to Deliver a Modern Approach to Application Security. New York, NY, and Tel Aviv, Israel – May 7, 2024 – Today, OX Security, the largest Active Application Security Posture Management (Active ASPM) provider, unveils a strategic OEM partnership program, kicking off with HCLSoftware. This collaboration marks a significant milestone […]
Press Release: Optimizing Application Security with OX Security’s Attack Path Reachability Analysis
New Features Empower Organizations to Mitigate Risks in Software Supply Chains. RSA CONFERENCE, SAN FRANCISCO — May 7, 2024 — OX Security, a leader in Active Application Security Posture Management (ASPM) and a founding member of the Open Software Supply Chain Attack Reference (OSC&R) framework, today unveiled its latest innovations: Attack Path Reachability Analysis, […]
What to Consider When Choosing a Software Composition Analysis (SCA) Tool
Given the widespread use of third-party components in application development, identifying and remediating code vulnerabilities as early in development as possible is critical. As a result, many organizations turn to SCA tools; however, traditional ones often deliver superficial code analysis that floods developers with irrelevant or non-actionable alerts, including numerous false positives. As you search […]