Uncategorized

Finding the Root Cause of a CVE

Authored by Md Shoaib Shahriar Ibrahim and Saadman Ahmed, security engineers at OpenRefactory. Edited by Charlie Bedard.

Overview

In today's fast-paced world of software development, security vulnerabilities are an ever-present risk. While patching a vulnerability addresses the immediate problem, understanding the root cause is critical to prevent future issues, improve code quality, and strengthen overall …


Ensuring Open Source Code Integrity

Authored by Tim Curley, Business Development at OpenRefactory. Edited by Charlie Bedard.

The Imperative of Continual Scanning and Maintenance

Abstract

Open-source software (OSS) repositories are the lifeblood of modern software development, powering 80%-90% of the digital infrastructure across industries. While the open-source model fosters collaboration and innovation, it also presents unique challenges, particularly regarding code …


Sour Pickles

Authored by Md Abdullahil Kafi, secure software engineer at OpenRefactory. Edited by Charlie Bedard.

Introduction

Pickle vulnerabilities are so widespread that they have become common knowledge in the Python world, much as the buffer overflow vulnerability is in the C world. Recently, our team found a deserialization issue (CWE-502: Deserialization of Untrusted Data) in …


Securing Software Supply Chains With The Six ‘F’ Strategies

Authored by Md Abdullahil Kafi, secure software engineer at OpenRefactory. Edited by Charlie Bedard.

The 'F' Frameworks

Michael Winser of the Alpha-Omega project recently wrote a blog post on the Three F framework for managing the risk that comes from open source dependencies. Here is a list of the key points made in that article. Open …
