5 Steps to Improve Your Software Supply Chain Security
4/14/2016Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
Post a Comment
Author
Profile of Derek Weeks
Vice President & DevOps Advocate, Sonatype Member Since: 2/26/2016Author
News & Commentary Posts: 2
Comments: 4
Derek Weeks is passionate about applying proven supply chain management principles to improve efficiencies, reduce security risks, and sustain long-lasting competitive advantages. He is a distinguished international speaker and lectures regularly on modern software development practices, continuous delivery and DevOps, and application security.
A 20-year veteran of the software industry, Derek has advised leading businesses on IT performance improvement, practices covering continuous delivery, business process management, systems and network operations, service management, capacity planning and storage management.
Derek currently serves as vice president and DevOps advocate at Sonatype, where he leads the largest and most comprehensive annual analysis of software supply chain practices to date across more than 150,000 development organizations.
Articles by Derek Weeks
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
Post a Comment
Java Deserialization: Running Faster Than a Bear
4/14/2016Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
Post a Comment
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-8030
PUBLISHED: 2018-06-20
PUBLISHED: 2018-06-20
PUBLISHED: 2018-06-20
PUBLISHED: 2018-06-20
PUBLISHED: 2018-06-20
From DHS/US-CERT's National Vulnerability Database CVE-2018-8030
PUBLISHED: 2018-06-20
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 a...
CVE-2018-1117PUBLISHED: 2018-06-20
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this cou...
CVE-2018-11701PUBLISHED: 2018-06-20
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
CVE-2018-11702PUBLISHED: 2018-06-20
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
CVE-2018-11703PUBLISHED: 2018-06-20
FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) or possibly unspecified other impact.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This