Application Security & Software Security Blog

Discovery capabilities: A core differentiator for Black Duck SCA

Stay on top of open source vulnerabilities and license obligations with discovery capabilities from Black Duck.

How to manage open source risks using Black Duck SCA

Open source risk goes beyond application security. Legal, operational, and supply chain implications demand a capable solution like Black Duck SCA.

How to cyber security: Faceplanting in 10 lines of code

Failure to address security early in the software development life cycle can increase business risks. Learn how a proactive, holistic approach helps achieve more-secure software.

How to evaluate the ROI of your software security program

The ROI of software security is difficult to calculate when the goal is to avoid a breach. Learn where to look for ROI in an AppSec program to maximize your investment.

Demystifying CVSS Scoring

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

Assessing design quality for better software due diligence

Design quality audits are sometimes overlooked in software due diligence, but they are vital to understanding the overall health of a company’s software system.

Forrester recognizes Synopsys as a leader in static application security testing

We’re proud to announce that Synopsys has been named a leader in The Forrester Wave™: Static Application Security Testing, Q1 2021. Find out why.

What is the cost of poor software quality in the U.S.?

The total cost of poor software quality in the U.S. is estimated at $2.08 trillion. Learn what contributes to the cost and how security can help minimize errors.

Don’t get overwhelmed with trivial defects. Manage them!

Misuse of security tools can lead to defect overload for development teams. Knowing when and how to use these tools will yield more effective DevSecOps.