A great article by Shahid Shah: "...If you ask some regulatory affairs folks in medical device companies, they think OSS is too “dangerous” for use in safety critical systems. The most common excuse given by engineers is that the regulatory compliance folks will not allow OSS or that the FDA will disapprove. There is plenty of evidence to the contrary, however, because the FDA hasn’t really rejected devices due solely to the use of OSS. The lack of OSS use in medical devices and healthcare IT circles in most cases likely stems from a lack of experience with OSS at the senior executive and regulatory compliance ranks within companies. This is a summary of a quick 10-step process that R&D groups can use to properly experiment with and include OSS in safety-critical systems."
So, you’ve heard of Shellshock, of course. And if you use Unix, you made sure someone installed the right p...