What was most interesting was learning about the:
- Data Security Law of the People’s Republic of China
- U.S. Vulnerability Equities Process
https://t.co/bEeChaG8sU
Explore the public availability of affected functions for OSS vulnerabilities and why vendors are spending millions to build private datasets. https://t.co/PW4MWNA0Uu
We haven't had people over in months, and now that we have invited friends and family to visit San Diego, our kitchen floods from an unknown underground pipe.
Kotlin in your codebase now gets reachability analysis with Semgrep Supply Chain. Driven by partnership with our customers and users, this addition makes Kotlin the eighth language to receive dataflow reachability on our supply chain platform. 🎉
Reduce your false positives by up to 98% by leveraging our dataflow reachability, all backed by the powerful Semgrep engine. Learn more on our blog and try out Kotlin reachability today.
https://t.co/4Fww7ieRV0
#kotlin #reachability #semgrep #supplychain
🔍 Curious about automating bug hunting with Semgrep? @SomersetRecon's presentation provides a deep dive into how Semgrep compares to grep, explains Semgrep syntax (including Pro features), and offers practical tips for success!
https://t.co/EOv9aumfjt
Where are all the youth in open source? Data shows a lack of contributions from younger generations. Barriers include high standards and financial pressures.
The popular Polyfill JS project is being misused to infect over 100,000 websites that have integrated the package via the https://t.co/XlWeWmpdV0 domain. Scan your projects using this Semgrep rule. https://t.co/SJdhm4duIc
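An added, offline stand-in for the rule linked above (this is not Semgrep's rule and not code from the original post): a small Python scanner that parses `script src` and `link href` references out of HTML and flags any whose host is the compromised CDN domain or a subdomain of it. The post hides the domain behind a t.co link, so the example assumes it is `polyfill.io`; the HTML it scans is constructed sample input. It also handles the protocol-relative form (`//cdn.polyfill.io/...`) that a naive substring search for `https://polyfill.io` would miss, and ignores look-alike hosts and local paths that merely contain the string.

```python
"""
Added example, not the Semgrep rule from the post: an offline scanner for
<script src> and <link href> references to a compromised CDN domain.
Assumptions (not stated on the page): the domain is polyfill.io and its
subdomains; SAMPLE_HTML below is constructed input, not a real site.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the compromised domain. The post only shows a t.co redirect.
BLOCKED_DOMAINS = ("polyfill.io",)


class _RefCollector(HTMLParser):
    """Collects (tag, attribute, url, line) for <script src> and <link href>."""

    WANTED = {"script": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attr = self.WANTED.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                # getpos() is the position of the tag being handled
                self.refs.append((tag, attr, value.strip(), self.getpos()[0]))


def hostname_of(url):
    """Lowercase hostname of an http(s) URL, or None for relative paths.

    Protocol-relative URLs ("//cdn.polyfill.io/...") are normalised first;
    a substring check for "https://polyfill.io" would miss them.
    """
    if url.startswith("//"):
        url = "https:" + url
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return None
    return (parts.hostname or "").lower() or None


def matches_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a blocked domain or a subdomain of one.

    Suffix matching is done on a label boundary so "notpolyfill.io"
    does not match "polyfill.io".
    """
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in blocked)


def find_blocked_refs(html, blocked=BLOCKED_DOMAINS):
    """Return a list of findings, one per external reference to a blocked host."""
    parser = _RefCollector()
    parser.feed(html)
    findings = []
    for tag, attr, url, line in parser.refs:
        host = hostname_of(url)
        if matches_blocked(host, blocked):
            findings.append(
                {"line": line, "tag": tag, "attr": attr, "url": url, "host": host}
            )
    return findings


# Constructed sample page: three real hits, two look-alikes, one benign CDN.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<script src="https://cdn.jsdelivr.net/npm/lodash@4/lodash.min.js"></script>
<link rel="preload" href="https://polyfill.io/v3/polyfill.min.js" as="script">
<script src="https://notpolyfill.io/x.js"></script>
<script src="/static/polyfill.io.js"></script>
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in find_blocked_refs(SAMPLE_HTML):
        print(f"line {f['line']}: <{f['tag']} {f['attr']}> loads from {f['host']}: {f['url']}")
```

Point it at real files by reading them into `find_blocked_refs`; the same hostname normalisation applies to `fetch()` or `import()` URLs found in JavaScript, but those need a JS-aware parser rather than this HTML one.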
🤫 Dirty Little Secrets of Vulnerability Management
@CirclesWeRun42 covers a number of common misconceptions:
NVD ≠ CVE Program
CISA’s KEV only includes active exploitation
Exploit likelihood vs exploitability with EPSS
+ more
https://t.co/swoLD0NNF3
Today is the launch of @Semgrep Academy! Free courses on #AppSec, Secure Coding, #API Security, Functional Programming, and MORE! Please go check it out here:
https://t.co/wwkpXzXxQL
Strap in, we're going on a ride, a static analysis ride. I recently came across this paper, which looked at a wide variety of SAST tools against a number of Java apps.
Java being the choice of enterprise, and often not the best Java approaches out there, so it's a good choice