Hi all! I’m Yaqin, working as a Security Researcher in the R&D team in Singapore.
Hi all! I’m Jonah and I’ll be a Front-End Engineer based in Singapore. I graduated from the National University of Singapore with a degree in Information Systems. After graduation, I spent a couple of years as a consultant at a telecoms company during which I became increasingly fond of Front-End technologies and UI/UX/Visual design.
Hi everyone! I’m Darius, working as a Software Engineer in the R&D team in Singapore. I recently graduated from the National University of Singapore with a Computer Science degree.
If you are following along on our Twitter feed (and if you’re not, you really should), you will notice we are tweeting out a stream of vulnerabilities that don’t have CVEs. Right now, it’s on auto-schedule to tweet one every few hours throughout the PST working day, but we could crank it up a fair bit. On Friday at ApacheCon, Caleb Fenton, John Viega, and I will demo an open-source tool that we are going to release next week called Commit Watcher. This is an interactive proof-of-concept version of a more sophisticated suite of features that our engineering team are building into our platform to watch libraries and uncover what our team has come to call Half-Days.
I have spent 15 years watching talented, hard-working developers who are re-inventing the world roll their eyes when asked to use security tools. You all know that security is a must-have in the world we live in, and in my experience, without exception, you always want to do the right thing, but faced with having to use tools that don’t add value to your work, generate more noise than signal and slow you down, it became increasingly hard for me to not be frustrated by the status quo.
Hello, I am Ang Ming Yi (@ Ming), or Ming for short, and I have just joined SourceClear as a Security Research Intern.
Hello, I am Jeevarathinam Dhanapal (@ Jeeva) and have just joined SourceClear as a Site Reliability Engineering lead.
On our journey to ensure all open-source is being used safely, we have taken a step forward by adding language support for a growing community of developers. I am happy to announce that you can now scan your Python 2 applications and see if they are using vulnerable open-source libraries. We mirror PyPI packages in our library catalog, and already have hundreds of Python vulnerabilities cataloged from a wide variety of sources.