Software Integrity Blog

The 411 on Stack Overflow and open source license compliance

Developer communities like Stack Overflow are a great resource for your open source projects, but proper due diligence is required to manage compliance risks.

Securing the IoT tsunami

IoT devices create wider attack surfaces for hackers. Learn about today’s IoT security challenges and how security testing can help.

What the 2021 OSSRA report tells us about the state of open source in commercial software

Open source vulnerabilities are on the rise according to the new OSSRA report. Get the latest information on open source security, compliance, and code quality risk.

Neil Daswani talks about his big breaches book and the BSIMM

Dr. Neil Daswani discusses the root causes of today’s breaches and how the BSIMM can help companies achieve the right security habits.

Penetration testing: A yearly physical for your applications

Regardless of your company’s maturity level, penetration testing should be conducted annually to understand the health of your applications.

Integrating fuzzing into DevSecOps

Fuzzing helps detect unknown vulnerabilities before software is released. Learn when and where to integrate and automate fuzz testing in your SDLC.

Don’t be the weak link in your customers’ supply chain security

To solve the supply chain security dilemma, producers must get back to security basics. Get best practices for securing your supply chain.

Medical device security in a pandemic world

The pandemic has put a lot of things on hold over the last year, but medical device security shouldn’t be one of them.

AppSec Decoded: What are organizations doing to manage open source vulnerabilities?

In this AppSec Decoded interview, we look at the top takeaways from the ‘DevSecOps Practices and Open Source Management in 2020’ report.

Synopsys CyRC named a CVE Numbering Authority

As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities.