SEARCH
Archive
Node.js Update Fixes High Severity Flaws
An update for the Node.js framework includes fixes for DNS rebinding and HTTP smuggling vulnerabilities.
Most Applications Contain Vulnerable Open Source Libraries
Modern software development relies on open source libraries, even for those applications that are sold commercially and aren’t open source. A pair of reports from Veracode and Synopsys illustrate how these components are introducing vulnerabilities into these applications.
GitHub’s npm Acquisition Will Boost JavaScript Security
The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.