Application Security

Learn how to design a sustainable vulnerability management program by balancing risk tolerance, security policies, and team resources.

Learn how to effectively assess the accuracy, and consequently the trustworthiness, of a reachability analysis.

Numerous SCA providers offer reachability analysis. This article explores various options, highlighting their pros and cons.

Learn what's different about Coana's approach to reachability and what we do to ensure highly trustworthy results.

Coana redefines vulnerability management, combining efficiency with cost savings. Discover how it enhances security and developer moral.

Focusing on actionable vulnerabilities, The Coana SCA with reachability analysis enhances efficiency and security.

Coana tackles the inherent flaws in traditional vulnerability scanning, advocating for a smarter, more focused approach.

On the CyberBytes podcast, Socket CEO Feross Aboukhadijeh discusses the challenges in OSS security, the hacker mindset, and the shift towards using proactive tools that go beyond traditional vulnerability scanning to prevent supply chain attacks.

Deprecated npm packages are common in modern software projects. Learn about the risks of using unmaintained code, how to identify these packages, and evaluate alternatives.

Unpacking SCA with reachability analysis: Coana's new approach lets you disregard up to 95% false positives.

This short history of protestware - from punch cards to package managers - explores the intriguing and controversial phenomenon of digital activism and the risks to open source supply chains.

An NPM user named PatrickJS launched a troll campaign with a package called "everything," which depends on all public npm packages.

Learn how to integrate Socket into your Bitbucket pipeline for added security, reducing your dependency supply chain risk!

Supply chain attacks that leverage typosquatting are steeply rising over previous years. Learn how Socket for GitHub and Socket CLI can protect your app.

A short walkthrough of how to integrate Socket into the Gitlab CI/CD process

How Socket uses LLMs to enhance both the analysis and explanation of open-source software packages.

What supply chain attacks are, and how Socket can help protect you from them.

Vulnerability scanners provide a false sense of security to appsec teams and do little to prevent supply chain attacks.

Exposing the flaws of traditional SCA tools, and introducing a solution.

Socket explains the newly released npm provenance provided by GitHub.

Examples of recent supply chain attacks and concrete steps you can take to protect your team from this emerging threat.

Confidence is good but overconfidence always sinks the ship.