Off the top of my head: About having everything green in Qualys

[Image: traffic light at green. Photo by Carlos Alberto Gómez Iñiguez]

Vulnerability management is difficult. Many organizations aim to fix every security vulnerability they can identify: they want to run a scanner like Qualys and have everything come up green. In my opinion, that is a good and ambitious objective, but the strategy can be counter-productive.


Introduction to dependencyCheck: an open source Software Composition Analysis (SCA) tool

dependencyCheck is an open source dependency security scanner. This kind of tool is also called an SCA (Software Composition Analysis) tool.

dependencyCheck identifies which dependencies (i.e. third-party libraries) a piece of software uses and indicates whether any of them have known vulnerabilities.
