Software Integrity Blog

3 steps to reduce your API and web service risk in M&A due diligence

Learn more about the risk areas related to APIs and web services during due diligence in M&A transactions involving software, and how to reduce each risk.

Code quality and maintenance: Emerging risks of open source use

You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?

Start paying down your ‘security debt’ with DevSecOps

Organizations that postpone remediating security issues, or just ignore them, are playing a risky game. But DevSecOps can help reduce your security debt.

Experts: Better IoT security depends on changes in culture, habits

Better IoT security requires a change in consumer culture and habits. But manufacturers should be doing more as well, with better guidance from government.

Want to comply with privacy laws? Start with security

How do you comply with privacy laws that haven’t even been enacted yet? Start by securing your software and systems against cyber attacks and data breaches.

There’s no such thing as TMI when it comes to open source software

“Vulnerabilities in the Core,” a report from the Linux Foundation and the Laboratory for Innovation Science at Harvard, offers insight into open source use.

Top 10 FOSS legal developments in 2019

2019 saw developments in many free and open source software legal issues, including new models, ethical restrictions, blockchain, and data and cryptography.

3 reasons DevSecOps is getting so much attention

Interest in DevSecOps is on the rise. What’s driving this interest? And how can teams use this knowledge to modernize their application security programs?

[Webinars] Black Duck on VMware Cloud and open source scans

Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.
