Munawar Hafiz, CEO of OpenRefactory, writes about how a simple mistake can result in critical supply chain attacks. Edited by Charlie Bedard. On June 28, JFrog’s Brian Moussalli reported a leaked GitHub Personal Access Token (PAT) belonging to Ee Durbin (@ewdurbin), the Administrator of PyPI.

Munawar Hafiz, CEO of OpenRefactory, writes about the benefits of proactive vulnerability management strategies, including the potential advantage of knowing about bugs before they become public CVEs. Edited by Charlie Bedard. Three Vulnerabilities with Different Impacts We encounter security vulnerabilities every day. Some we are

This blog was created by Charlie Bedard. It is a lovely day and, being fortunate enough to live near a coast with long, sandy beaches, you decide to take the family to the beach. You hop in the car and head to the beach. Everyone

This blog was created by Arafat Tanin, Software Security Engineer, OpenRefactory and edited by Charlie Bedard. Introduction In the enchanting realm of Java, a powerful sorcery, known as serialization, enables objects to transcend their earthly forms and be reborn as byte streams. During my recent

This blog was created by Arafat Tanin, Software Security Engineer, OpenRefactory and edited by Charlie Bedard. When working with Java and its extensive standard library, you may often find yourself dealing with collections like HashSet and HashMap. These collections rely on the equals(Object) and hashCode() methods of the

This blog was created by Ataf Fazledin Ahamed, Software Security Engineer, OpenRefactory and edited by Charlie Bedard. Story   For the last month and a half, I have been looking at the source code of some of the most popular open source software projects as