Open Source Security

Thursday, March 7, 2024

Improving license detection when generating SBOMs

I blogged last year about generating a Software Bill of Material (SBOM) for an Apache Maven project using the cyclonedx-maven-plugin. It...
Monday, October 23, 2023

CVE-2023-44483 in Apache Santuario - XML Security for Java

A new CVE has been published for the recent Apache Santuario - XML Security for Java releases (4.0.0, 3.0.3, 2.3.4 and 2.2.6): CVE-2023-444...
Tuesday, October 10, 2023

Publishing SBOMs for open-source projects

Software Bill of Materials (SBOMs) are a recent hot topic, in part due to an executive order by the US government which references making a...
Friday, April 14, 2023

Open Source Software Composition Analysis

Software Composition Analysis (SCA) is the process of figuring out which third-party dependencies are used in your project. It's an esse...
Thursday, March 16, 2023

OpenSSF Allstar

In the previous blog post, I looked at how to use OpenSSF Scorecard to improve the security posture of your open-source GitHub projects. T...
Tuesday, February 21, 2023

OpenSSF Scorecard

OpenSSF Scorecard is a tool that assesses your project against a number of security best practices and assigns a score (out of 10). It is a...
Wednesday, December 14, 2022

New Apache CXF releases and CVEs published

Apache CXF has released versions 3.5.5 and 3.4.10. Notable security upgrades in these releases include picking up a fix for CVE-2022-40152...

About Me

Colm O hEigeartaigh
Senior principal software engineer at Talend. Active committer on lots of Apache projects such as Apache Santuario, CXF, Camel, Syncope, WSS4J, Directory, Ranger, Knox, Shiro, etc. In what seems like another lifetime, I also acquired a PhD in the area of cryptography. The views expressed on this site are mine alone and do not necessarily reflect the views of my employer.