Software Integrity Blog

Search Results for 'security risk assessment'


New risk assessments for old medical device security flaws

On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks.

Posted in Medical Device Security


Synopsys named a leader in the 2019 Gartner MQ for Application Security Testing—3 years running

In the 2019 Gartner Magic Quadrant for Application Security Testing, Synopsys leads the field for our ability to execute and our completeness of vision.

Posted in Featured, General


Complex but helpful: Negotiating FDA guidance to build a cybersecurity program

FDA cybersecurity guidance is informed by a long list of standards and recommendations. How can manufacturers translate these documents into practices?

Posted in Healthcare Security


Want to secure your apps? Build security in with the right toolchain

Having the right application security toolchain is the most effective way to build security in, which is critical to securing modern apps against attacks.

Posted in Agile, CI/CD & DevOps, Software Architecture and Design


The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.

Posted in Maturity Model (BSIMM), Open Source Security, Software Composition Analysis


Hacking Security Episode 4: DevSecOps with Meera Rao

Hacking Security is a monthly podcast on emerging trends in application security. In Episode 4, secure development expert Meera Rao discusses DevSecOps.

Posted in Agile, CI/CD & DevOps, Developer Enablement, General


GAO report confirms major gaps in government cybersecurity

The September GAO cybersecurity report stated that there are about 1,000 outstanding recommendations for automotive, military, and IoT security, among others.

Posted in Automotive Security, General, Internet of Things


Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

Black Duck audit reports help you understand your license compliance, software security, code quality, and web services risks—and now they’re even better.

Posted in General, Open Source Security, Webinars


Both consumers and retailers need to up their cyber security to make holidays happy

We’ve got some Black Friday advice for retailers and shoppers who want to keep everyone’s data safe and secure, for a truly happy holiday season.

Posted in General


How to integrate cloud security into your SSI

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features.

Posted in Cloud Security