MOUNTAIN VIEW, Calif., April 13, 2021 /PRNewswire/ Synopsys, Inc. (Nasdaq: SNPS) today released the 2021 Open Source Security and Risk Analysis (OSSRA) report. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,500 audits of commercial codebases, performed by the Black Duck® Audit Services team. The report highlights trends in open source usage within commercial applications and…
Reseller News
Join Reseller News
Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.Sign up now
What is typosquatting? A simple but effective attack technique
A type of social engineering attack, typosquatting uses purposely misspelled domains for a variety of malicious purposes.
Typosquatting definition
A typosquatting attack, also known as a URL hijacking, a sting site, or a fake URL, is a type of social engineering where threat actors impersonate legitimate domains for malicious purposes such as fraud or malware spreading. They register domain names that are similar to legitimate domains of targeted, trusted entities in the hope of fooling victims into believing they are interacting with the real organisation.
Maintain an inventory of components
The most important open-source management practice that organizations should have is an inventory of which open-source components are used, and where, Mackey said. That s particularly important because of the way many organizations obtain their open-source components, Korren said. Very few organizations use open source directly from GitHub. A lot of them are getting a copy of the project and putting it into an internal code repository. Tsvi Korren
Teams need to go into their internal code repositories and understand whether something was written from scratch or their developers incorporated an open-source project, Korren added.
Mackey advised that when taking inventory, teams should reach beyond open-source software.
Synopsys Study Shows Open Source Security Top-of-Mind but Patching Too Slow
Global survey of 1,500 IT professionals finds that 40% of respondents worldwide had delivery schedules disrupted to address open source vulnerabilities
MOUNTAIN VIEW, Calif., Dec. 8, 2020 /PRNewswire/ Synopsys, Inc. (Nasdaq: SNPS) today released the report, DevSecOps Practices and Open Source Management in 2020. Produced by the Synopsys Cybersecurity Research Center (CyRC), the report highlights the findings from a survey of 1,500 IT professionals working in cyber security, software development, software engineering, and web development. The report explores the strategies that organizations around the world are using to address open source vulnerability management as well as the growing problem of outdated or abandoned open source components in commercial code.