Software Integrity

It was mostly sunny outside RSA Conference 2018 in San Francisco during the opening keynotes on Tuesday. Inside? Well, there were some sunny breaks, but plenty of clouds as well. It started sunny, when RSA president Rohit Ghai acknowledged the clouds but chose to focus on “Three Silver Linings.” “I’m not in denial,” he said. […]

Continue Reading...

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Continue Reading...

It’s been quite an interesting few weeks in the land of data breach disclosures. We started with Under Armour disclosing a breach in their MyFitnessPal application that impacted 150 million users. A few days later, Lord & Taylor and Saks Fifth Avenue disclosed a breach impacting millions of their in-store shoppers. Later the same day, […]

Continue Reading...

Any tradesperson, specialist, expert, aficionado, or technologist will tell you that the key to a quality outcome is a set of tools specific to the project and oriented to the goal. The realm of software security and secure DevOps is no exception to this truth, and in Black Duck Hub’s version 4.5 release, we further […]

Continue Reading...

As application development teams are pressured to deliver software faster than ever, containers offer clear advantages. Docker debuted to the public in 2013, and since then there have been over 29 billion Docker container downloads. Benefits of containerization 66% of organizations adopting containers experienced accelerated developer efficiency 75% of companies achieved an increase in application […]

Continue Reading...

Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of […]

Continue Reading...

The cryptocurrency industry is both beloved and feared for being the so-called Wild West of finance. Beloved because of minimal regulation and at least a measure of anonymity. Feared because of minimal protection. There is no Federal Reserve to set a value, no FDIC to guarantee at least a portion of what you have stored […]

Continue Reading...

The habit of breaking things When I was a child, I liked to break things to see how they were built. When I was older, I didn’t grow out of this habit. In fact, I joined a company with like-minded individuals. Now we don’t break things just for the sake of breaking them; we break […]

Continue Reading...

Do you know what’s in your containers? No, the question has nothing to do with those mystery containers in your fridge. But if you don’t know what’s in those lovely Docker containers which are all the rage, you could be in store for just as rude a surprise as discovering what might be hiding deep […]

Continue Reading...

Anonymity—one of the biggest draws of cryptocurrency and the blockchain infrastructure it depends on—could get turned on its head if the vision of the head of the International Monetary Fund (IMF) comes true. Christine Lagarde, managing director of the IMF, called in a recent blog post for more regulation of the cryptocurrency market—to include the […]

Continue Reading...