Featured Posts
All Posts

Security
Jul 17, 2026
The White House’s “Gold Eagle” Clearinghouse Makes “Secure in Place” A Requirement for Combatting AI-Scale Vulnerability Discovery
As AI accelerates vulnerability discovery, enterprises need lifecycle visibility and a secure-in-place strategy to protect unsupported, business-critical software.
Greg Allen

Compliance
Jul 16, 2026
The $258,000 Fork: Why DIY Compliance Workarounds Are a Tech-Debt Trap
Uncovering the hidden $258,000 cost of maintaining private open source forks and navigating CRA compliance.
Taylor Corbett

Security
Jul 16, 2026
CVE-2026-10050: Jetty Digest Authentication Bypass (ISO-8859-1)
How lossy ISO-8859-1 encoding in Jetty's Digest auth client lets an attacker authenticate with a collision password
Greg Allen

EOL Software
Jul 14, 2026
Java 8, 11, 17 EOL Dates by OpenJDK Vendor: Temurin to Red Hat
Every JDK vendor's end-of-life date for Java 8, 11, 17, and 21 in one place, and what those dates mean for the frameworks pinned to them.
Greg Allen
.png)
EOL Software
Jul 9, 2026
Node.js June 2026 Security Releases: Patches for EOL Node 18 and 20
Addressing June 2026 CVEs and Providing Security Coverage for End-of-Life Versions
Greg Allen

Security
Jul 8, 2026
CVE-2026-50169, CVE-2026-50184 & CVE-2026-54264: Angular Service Worker Request-Policy Stripping
How the Angular Service Worker discards client-defined request policy during asset reconstruction, leaking credentials and following redirects the application meant to block
Greg Allen

EOL Software
Jul 8, 2026
The Nursing Home of the Internet: Why End-of-Life Open Source Is Your Biggest Hidden Liability
Why End-of-Life Open Source Is Your Biggest Hidden Liability
Taylor Corbett

EOL Software
Jul 7, 2026
Next.js EOL Dates: Version Support Timeline (9 Through 16)
A complete reference for every Next.js release timeline, the CVEs hitting end-of-life versions, and what teams running Next.js 13 and earlier need to do now.
Javier Perez
.png)
Compliance
Jul 6, 2026
The CRA Readiness Gap: Why Most Organizations Aren’t Ready for December 2027 — and What to Do About It
Navigating the EU’s Cyber Resilience Act and the urgency of the 2027 deadline
Taylor Corbett
.png)
EOL Software
Jul 3, 2026
Bootstrap End of Life Dates: Bootstrap 2, 3, 4, and 5 (2026 Guide)
A complete reference for every Bootstrap major version, its release timeline, end-of-life date, and the CVEs still actively affecting unsupported releases.
Greg Allen

Open Source Ecosystem
Jul 2, 2026
The AI CVE Tsunami: What Happens When LLMs Start Hunting Open Source Vulnerabilities at Scale
How AI is Accelerating Vulnerability Discovery and Challenging Open Source Security
Taylor Corbett

Open Source Ecosystem
Jul 1, 2026
Your CFO Just Shipped Code. Nobody Knows What’s In It.
The Hidden Risks of Vibe-Coded Apps and Invisible Tech Debt
Taylor Corbett

Security
Jul 1, 2026
Apache Tomcat CVE Round-Up: 7 Vulnerabilities Disclosed June 2026, Including CVE-2026-55957
An Important authentication bypass in the JNDIRealm, a Moderate default servlet security constraint bypass, and five more findings across the EncryptInterceptor, RewriteValve, FFM connector, examples webapp, and effective web.xml logging. Here is what changed, what affects end-of-life Tomcat 8.5, and who needs to act.
Greg Allen

EOL Software
Jul 1, 2026
Spring Boot Versions, EOL Dates, and Latest Releases (July 2026)
The current Spring Boot release, every supported branch, every end-of-life date, and what to do if you are stuck on an unsupported version. Updated for July 2026.
Greg Allen

Security
Jun 29, 2026
CVE-2026-42055: NGINX gRPC Heap Overflow Hits Ingress NGINX (2026)
How oversized headers in NGINX's HTTP/2 and gRPC proxy path corrupt worker memory and crash retired Ingress NGINX deployments
Greg Allen
.png)
.png)
.png)