Munawar Hafiz, CEO of OpenRefactory, writes about how a simple mistake can result in critical supply chain attacks. Edited by Charlie Bedard. On June 28, JFrog’s Brian Moussalli reported a leaked GitHub Personal Access Token (PAT) belonging to Ee Durbin (@ewdurbin), the Administrator of PyPI. Quoting from the incident report, “This token was immediately revoked, …
Munawar Hafiz, CEO of OpenRefactory, writes about the benefits of proactive vulnerability management strategies, including the potential advantage of knowing about bugs before they become public CVEs. Edited by Charlie Bedard. Three Vulnerabilities with Different Impacts We encounter security vulnerabilities every day. Some we are able to dodge while others leave a major impact. We’ll …
This blog was created by Charlie Bedard. It is a lovely day and, being fortunate enough to live near a coast with long, sandy beaches, you decide to take the family to the beach. You hop in the car and head to the beach. Everyone jumps out of the car and heads to the sand. …
This blog was created by Arafat Tanin, Software Security Engineer, OpenRefactory and edited by Charlie Bedard. Introduction In the enchanting realm of Java, a powerful sorcery, known as serialization, enables objects to transcend their earthly forms and be reborn as byte streams. During my recent days working as a part of a team that is …
This blog was created by Arafat Tanin, Software Security Engineer, OpenRefactory and edited by Charlie Bedard. When working with Java and its extensive standard library, you may often find yourself dealing with collections like HashSet and HashMap. These collections rely on the equals(Object) and hashCode() methods of the objects they store. But do you know why these methods …
This blog was created by Ataf Fazledin Ahamed, Software Security Engineer, OpenRefactory and edited by Charlie Bedard. Story For the last month and a half, I have been looking at the source code of some of the most popular open source software projects as a part of my job. The task sounds simple. We …
