9 matches found
Static Security Vulnerability Scanning of Proprietary and Open-Source Software: an Adaptable Process with Variants and Results
Software vulnerabilities remain a significant risk factor in achieving security objectives within software development organizations. This is especially true where either proprietary or open-source software (OSS) is included in the technological environment. In this paper an end-to-end process with...
Product Walkthrough: A Look Inside Pillar's AI Security Platform
In this article, we will provide a brief overview of Pillar Security's platform to better understand how they are tackling AI security challenges. Pillar Security is building a platform to cover the entire software development and deployment lifecycle with the goal of providing trust in AI system...
Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)
Microsoft Visual Studio is a family of development tools from Microsoft Corporation (USA) and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. Microsoft Visual Studio is vulnerable to remote code execution. An attacker could exploit...
NOTICE-OF-CHANGE ANNOUNCEMENT FOR CITRIX SD-WAN Software 11.2.X and 11.3.X Releases
Citrix Systems, Inc. announces a Notice of Status Change for the Citrix SD-WAN Software 11.2.X and 11.3.X Releases. The tables below explain the Citrix SD-WAN software lifecycle management milestones as well as important information regarding dates and options during this period. Citrix SD-WAN...
Opera Receives DevSecOps All-Star Award at SnykCon 2020
October 28th, 2020. At SnykCon 2020, Opera received the DevSecOps All-Star Award for leveraging Snyk to bring a complete and fully automated DevSecOps process into a secure software development lifecycle. Opera was represented by...
IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2018-23254)
IBM Rational Team Concert (RTC) is a software lifecycle management solution from IBM (U.S.), based on the Jazz platform, that supports real-time collaboration for decentralized teams. A cross-site scripting vulnerability exists in IBM RTC versions 5.0 through 5.0.2 and 6.0 through 6.0.5. A...
IBM Team Concert Information Disclosure Vulnerability
IBM Team Concert (RTC) is a software lifecycle management solution based on the Jazz platform from IBM and supports real-time collaboration for decentralized teams. A security vulnerability exists in IBM RTC, which stems from the program's use of weak encryption algorithms. An attacker could exploi...
CVE-2014-3129
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1...
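Bugzilla jsonrpc.cgi Cross-Site Request Forgery Vulnerability
BUGTRAQ ID: 51783 CVE ID: CVE-2012-0440 Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, including submission, fixing and closing. Bugzilla's implementation of jsonrpc.cgi contains a CSRF vulnerability; successful exploitation of these vulnerabilities could allow an attacker to hijack the authenticated requests of any user using the JSON-RPC API. 0 Mozilla Bugzilla 4.x Vendor patch: Mozilla ------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.mozilla.org/security/...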