Application Security & Software Security Blog

3 steps to reduce your API and web service risk in M&A due diligence

Learn more about the risk areas related to APIs and web services during due diligence in M&A transactions involving software, and how to reduce each risk.

Code quality and maintenance: Emerging risks of open source use

You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?

Start paying down your ‘security debt’ with DevSecOps

Organizations that postpone remediating security issues, or just ignore them, are playing a risky game. But DevSecOps can help reduce your security debt.

Experts: Better IoT security depends on changes in culture, habits

Better IoT security requires a change in consumer culture and habits. But manufacturers should be doing more as well, with better guidance from government.

Want to comply with privacy laws? Start with security

How do you comply with privacy laws that haven’t even been enacted yet? Start by securing your software and systems against cyber attacks and data breach.

There’s no such thing as TMI when it comes to open source software

“Vulnerabilities in the Core,” a report from the Linux Foundation and the Laboratory for Innovation Science at Harvard, offers insight into open source use.

Top 10 FOSS legal developments in 2019

2019 saw developments in many free and open source software legal issues, including new models, ethical restrictions, blockchain, and data and cryptography.

3 reasons DevSecOps is getting so much attention

Interest in DevSecOps is on the rise. What’s driving this interest? And how can teams use this knowledge to modernize their application security programs?

[Webinars] Black Duck on VMware Cloud and open source scans

Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.

Next Entries »

Be the first to know

Don’t miss the latest AppSec news and trends every Friday.

Subscribe to the blog

Software Integrity Blog

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

How to Cyber Security: It’s all about developers, except when it’s not

Ask the Experts: What’s most rewarding about your career in cyber security?

3 steps to reduce your API and web service risk in M&A due diligence

Code quality and maintenance: Emerging risks of open source use

Start paying down your ‘security debt’ with DevSecOps

Experts: Better IoT security depends on changes in culture, habits

Want to comply with privacy laws? Start with security

There’s no such thing as TMI when it comes to open source software

Top 10 FOSS legal developments in 2019

3 reasons DevSecOps is getting so much attention

[Webinars] Black Duck on VMware Cloud and open source scans

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

Legal

Follow