Looney Tunables? CVE-2023-4911? You might be using a vulnerable Linux distribution.
Introduction If you are an individual using Linux or one who has been a fan of Looney Tunes/Toons then do read further to find out how Looney Toons is a…
Read More >
Security Scanning Tools Defined: SAST, IaC, SCA, DAST, IAST/RASP, Container Runtime Security and Runtime SCA
Security Scanning Tools Overview There are significant changes happening in the world of software development. How we create applications (monolithic to microservices), how fast we ship them (continuous integration), how…
Read More >
Deepfactor 3.3 Includes Enhanced Prioritization of SCA Findings and New Free-Trial Offer
Deepfactor Release 3.3 Overview In Release 3.3 of Deepfactor Developer Security, we have made significant enhancements to the platform's artifact scanner and runtime correlation to help users prioritize SCA findings.…
Read More >
Back from Hacker Summer Camp 2023: One CTO’s Experience
Another August, another Hacker Summer Camp. The annual gathering of 25,000 like-minded hackers and security enthusiasts descended on Vegas for a week of get togethers, talks, and parties. This year…
Read More >
New Zenbleed Vulnerability: What It Is, How to Fix It
Zenbleed (CVE-2023-20593) was announced today. This is a vulnerability affecting AMD processors based on the Zen2 microarchitecture (certain EPYC CPUs used in datacenter servers and Ryzen/Threadripper CPUs used in desktop/laptop…
Read More >
Digging Into An Interesting New CVE
CVE-2023-38408, discovered by the Qualys Threat Research Unit (TRU), describes an RCE (remote code execution) vulnerability made possible by an unwanted interaction between OpenSSH’s ssh-agent executable, the dlopen() and dlclose()…
Read More >
SBOM Executive Order: Ready for the June 11th deadline?
In preparation for the June 11th deadline of President Biden’s Executive Order (EO) on Improving the Nation’s Cybersecurity, Deepfactor has focused on educating customers about the importance of accurately and…
Read More >
SBOM Security in 2023: Top 5 things you must know as a cybersecurity professional
Modern applications rely on open source and third-party software for a majority of their code base. Many of those software building blocks come with vulnerabilities and license risks that organizations…
Read More >
Deepfactor 3.2 Adds SBOM and Runtime Correlation for SCA To Help Customers Improve Supply Chain Security
With the June 2023 Supply Chain Security executive order looming, Deepfactor 3.2 introduces important SCA, SBOM, and runtime security enhancements designed to help customers reduce risk, improve supply chain security,…
Read More >
5 Ways to Help Engineering Teams Integrate Security into Development Pipelines
In the past couple of years in my technical product role here at Deepfactor, I have had several meetings with VPs and directors of security from large, global organizations in…
Read More >
Learn How to Evaluate Developer Security Platforms
When Deepfactor was launched in September 2020, the market was [being] upended by technical innovations in containerization (i.e. K8s), software delivery (i.e. CI/CD), and security (i.e. more on that below).…
Read More >
OpenSSL 3.0.x Vulnerability: Remote Code Execution (CVE-2022-3602, CVE-2022-3786)
By Guest Author Teja Myneedu, Director—Product Security Engineering and Research, TripActions OpenSSL is a commonly used cryptographic toolkit widely used for SSL/TLS across web-based applications. The OpenSSL project routinely releases bug…
Read More >