Software Integrity Blog

Under pressure: Managing the competing demands of development velocity and application security

Nearly 50% of development teams knowingly release vulnerable code. Learn why vulnerabilities are overlooked and how you can improve application security.

Open source licenses: No license, no problem? Or … not?

Understand the three common scenarios for why unlicensed open source is found in the codebase and the implications of it being embedded in commercial apps.

BSIMM11 tracks top trends in market activity

Measure and improve your software security initiative using the four key market activity trends observed in the new BSIMM11 report.

MITRE releases 2020 CWE Top 25 most dangerous software weaknesses

Learn how this year’s CWE Top 25 list of the most dangerous software weaknesses can be used to set priorities in your application security.

BSIMM11: Tracking the cutting edge of software security initiatives

BSIMM11 gathers research on software security activities from real-life firms to create a guide to help you navigate your software security initiative.

TANSTAAFL! The tragedy of the commons meets open source software

Open source projects can become victims of their own success. What can developers do to secure their open source software?

Black Duck continues to expand vulnerability prioritization methods

Today’s release of Black Duck adds vulnerability impact analysis, which indicates whether your application executes vulnerable code. Let’s look at how this addition further augments your prioritization efforts.

Developing a COVID-19 track and trace app — through the lens of Synopsys

The rapidly evolving COVID-19 emergency has set off a global race to trace, and Synopsys offers key considerations for track and trace application development.

How to cyber security: Pain in the *AST

What’s the difference between IT security and application security? And what do all those acronyms mean? Learn more in our quick cyber security primer.

Defensible risk management can improve your job security

If your organization suffers a data breach, your job security might hinge on whether you’ve practiced defensible risk management. Don’t make these mistakes.
