Software Integrity Blog

Author Archive

Charlie Klein


As a Product Marketing/Business Rotational Program Associate at Synopsys, Charlie will rotate through the sales, marketing, sales operations, and finance departments four months at a time. He joined Black Duck Software in July, before Black Duck Software was acquired by Synopsys. During his time in sales and marketing, Charlie has researched and learned about the importance of open source risk management—especially pertaining to container security and secure DevOps practices. While in marketing, Charlie has been helping with the launch of OpsSight, a product designed for IT Operations and Infrastructure teams hoping to automate security practices in the production environment. He holds a B.A. in Political Economy from Bates College.


Posts by Charlie Klein:


Announcing Black Duck OpsSight 2.2—Container security at scale 

With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.


Posted in Container Security, Open Source Security

How to “shift left” with application security tools, and how not to

Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers.


Posted in Agile, CI/CD & DevOps

Securing containers at scale

Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be difficult in containerized production environments, which pose new challenges to application security. Organizations need visibility into the open […]


Posted in Container Security, Open Source Security, Software Composition Analysis

Securing applications with Coverity’s static analysis results

This is the third post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in previous posts, developers are more likely to use SAST tools to improve application security when they integrate seamlessly into existing development workflows. While integration into […]


Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

Integrating Coverity static analysis into development workflows

This is the second post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. As discussed in the previous blog post, static analysis is more likely to have a significant impact on application security when it supports the goals of developers, rather […]


Posted in Agile, CI/CD & DevOps, Static Analysis (SAST)

Maximizing the impact of static analysis

This is the first post in a three-part series on how you can maximize the impact of a static analysis solution by supporting developers and their goals. Aligning static analysis with development goals Application security responsibilities are shifting to the developer as organizations look to produce secure, high-quality software at a competitive pace. Because of […]


Posted in Static Analysis (SAST)

Enable DevSecOps with Coverity: deliver secure code, faster

The timeless demand to reduce time to market has put DevOps in a position to solidify itself as a defining characteristic of modern SDLCs. While the need to accelerate software development is as old as software development is, the need to produce secure software is currently gaining traction in light of recent software security blunders. […]


Posted in Agile, CI/CD & DevOps

The best way to secure applications in 2018? Learn from 2017

2017—a turbulent year in application security From breaches making headlines to exciting new technologies, 2017 was abuzz with conversation around securing applications and the implications of access to personal data. We saw what can happen when sensitive data is not properly secured, providing a sharp reminder of why application security is so important. Looking ahead, […]


Posted in Data Breach

Migrating to Docker on Black Duck

Before Black Duck began leveraging Docker, customers utilized the App Manager Install Method to deploy it. Black Duck now deploys as a set of containers, so customers need to install Docker to take advantage of updates to the application. By the end of this guide, you’ll have a basic understanding of how to migrate Black Duck to a containerized […]


Posted in Container Security, Open Source Security, Software Composition Analysis

An introduction to installing Black Duck

Black Duck Academy hosts a series of videos that help our customers deploy, manage, and use our products. To help our customers see value from Black Duck immediately after their purchase, this post supplements our video on installing the Hub. Think of this post as a quick way to get you started with the Dockerized […]


Posted in Agile, CI/CD & DevOps, Container Security