
Application Security
Creating an Effective Vulnerability Management Program for Open Source Vulnerabilities
Learn how to design a sustainable vulnerability management program by balancing risk tolerance, security policies, and team resources.
Sarah Gooding
July 25, 2025
Application Security
Learn how to effectively assess the accuracy, and consequently the trustworthiness, of a reachability analysis.
Application Security
Numerous SCA providers offer reachability analysis. This article explores various options, highlighting their pros and cons.
Application Security
Learn what's different about Coana's approach to reachability and what we do to ensure highly trustworthy results.
Application Security
Coana redefines vulnerability management, combining efficiency with cost savings. Discover how it enhances security and developer morale.
Application Security
By focusing on actionable vulnerabilities, Coana SCA with reachability analysis improves both efficiency and security.
Security News / Application Security
Coana tackles the inherent flaws in traditional vulnerability scanning, advocating for a smarter, more focused approach.
Security News / Application Security
On the CyberBytes podcast, Socket CEO Feross Aboukhadijeh discusses the challenges in OSS security, the hacker mindset, and the shift towards using proactive tools that go beyond traditional vulnerability scanning to prevent supply chain attacks.
Application Security
Deprecated npm packages are common in modern software projects. Learn about the risks of using unmaintained code, how to identify these packages, and evaluate alternatives.
Application Security
Unpacking SCA with reachability analysis: Coana's new approach lets you disregard up to 95% of false positives.
Application Security / Security News
This short history of protestware - from punch cards to package managers - explores the intriguing and controversial phenomenon of digital activism and the risks to open source supply chains.
Application Security
An NPM user named PatrickJS launched a troll campaign with a package called "everything," which depends on all public npm packages.
Application Security / Product
Learn how to integrate Socket into your Bitbucket pipeline for added security, reducing your dependency supply chain risk!
Application Security
Supply chain attacks that leverage typosquatting are steeply rising over previous years. Learn how Socket for GitHub and Socket CLI can protect your app.
Application Security / Product
A short walkthrough of how to integrate Socket into the GitLab CI/CD process.
Application Security
How Socket uses LLMs to enhance both the analysis and explanation of open-source software packages.
Application Security
What supply chain attacks are, and how Socket can help protect you from them.
Application Security
Vulnerability scanners provide a false sense of security to appsec teams and do little to prevent supply chain attacks.
Application Security
Exposing the flaws of traditional SCA tools, and introducing a solution.
Application Security
Socket explains the newly released npm provenance provided by GitHub.
Application Security
Examples of recent supply chain attacks and concrete steps you can take to protect your team from this emerging threat.
Application Security
Confidence is good but overconfidence always sinks the ship.