Software Integrity Blog

Let’s Talk Licenses: Beware the Beerware License

Many companies are relaxed about reusing software under the Beerware License and similar open source licenses. But not all such licenses are created equal.

[Infographic] BSIMM10 by the numbers

How many BSIMM participants have a software security group? How many think it’s key to their success? How many people are in the average SSG? Get the facts.

Awash in regulations, companies struggle with compliance

The list of regulatory compliance challenges facing companies grows longer every time a new regulation is introduced. But do security regulations even work?

[Webinar] Bring container security into OpenShift with Synopsys Operator

Modern applications contain over 50% open source components. Do you have an open source vulnerability management solution for your container environment?

Software security program checklist: Kick off your program with a bang

If you want to enjoy your Sunday kickoffs, our software security program checklist of five activities will help you kick off your program successfully.

Chain Heist and blockchain security at DEF CON 2019

Chain Heist, our blockchain capture-the-flag at DEF CON 2019, showed that vulnerability detection tooling for blockchain security still has a way to go.

Software quality: It can be a matter of life and death

Safety-critical software powers everything from airplanes to power plants, defib machines, and seatbelts. And quality issues can lead to injury and death.

[Webinars] Secure your CI/CD pipelines with IAST and Synopsys Detect

Learn how interactive application security testing (IAST) fits into any CI/CD pipeline and how to secure your Azure CI/CD Pipelines with Synopsys Detect.

Apple’s $1 million bug bounty could launch arms race for zero-days

Experts have given kudos to Apple for expanding its bug bounty program to all researchers. But is the $1 million top prize enough to turn black hats white?

Introducing the Black Duck Jira Cloud integration

The Black Duck Jira Cloud integration is based on a flexible, customizable model, backed by the same exemplary Black Duck software composition product.
