Software Integrity Blog

Author Archive

Charlie Klein


As a Product Marketing/Business Rotational Program Associate at Synopsys, Charlie will rotate through the sales, marketing, sales operations, and finance departments four months at a time. He joined Black Duck Software in July, before Black Duck Software was acquired by Synopsys. During his time in sales and marketing, Charlie has researched and learned about the importance of open source risk management—especially pertaining to container security and secure DevOps practices. While in marketing, Charlie has been helping with the launch of OpsSight, a product designed for IT Operations and Infrastructure teams hoping to automate security practices in the production environment. He holds a B.A. in Political Economy from Bates College.


Posts by Charlie Klein:


How to teach developers secure coding without slowing them down

Secure coding training isn’t required in most computer science programs. How can you fill the gaps in your developers’ education without slowing them down?

Posted in Agile, CI/CD & DevOps, Developer Enablement, Security Training

How are code quality and code security related?

Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.

Posted in Internet of Things, Static Analysis (SAST), Web Application Security

Announcing Code Sight 2019.4

The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.

Posted in Static Analysis (SAST)

How to manage web application security with Coverity

Improve your web application security management by finding and fixing security vulnerabilities earlier and achieving compliance with industry standards.

Posted in Static Analysis (SAST)

So you just bought a SAST tool. Now what?

You’ve finally purchased a static analysis solution—but do you know how to use it? Learn how to implement SAST tools in a way that best suits your environment.

Posted in Static Analysis (SAST)

Making SAST easier, faster, and more integrated with Polaris

How can development teams make SAST easier? By using a platform that’s fast, accurate, and flexible and integrates with the tools they already use.

Posted in Static Analysis (SAST)

How to automate static analysis in your SDLC

Automating static analysis in your SDLC requires a tool that integrates into daily workflows, presents results intuitively, and offers remediation guidance.

Posted in Static Analysis (SAST)

Announcing Black Duck OpsSight 2.2—Container security at scale

With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.

Posted in Container Security, Open Source Security

How to “shift left” with application security tools, and how not to

Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers.

Posted in Agile, CI/CD & DevOps

Securing containers at scale

Open source is the foundation of most modern applications. However, left untracked, open source can expose containerized applications to known vulnerabilities such as Heartbleed and CVE-2017-5638 in Apache Struts.

Posted in Container Security, Open Source Security, Software Composition Analysis