An introduction to installing Black Duck
Get started with the Dockerized Black Duck installation. This post outlines workplace specifications, tools, and steps for installing Black Duck.
Posted in Software Composition Analysis (SCA)
As a Product Marketing/Business Rotational Program Associate at Synopsys, Charlie will rotate through the sales, marketing, sales operations, and finance departments four months at a time. He joined Black Duck Software in July, before Black Duck Software was acquired by Synopsys. During his time in sales and marketing, Charlie has researched and learned about the importance of open source risk management—especially pertaining to container security and secure DevOps practices. While in marketing, Charlie has been helping with the launch of OpsSight, a product designed for IT Operations and Infrastructure teams hoping to automate security practices in the production environment. He holds a B.A. in Political Economy from Bates College.
Secure coding training isn’t required in most computer science programs. How can you fill the gaps in your developers’ education without slowing them down?
Posted in Agile, CI/CD & DevOps, Developer Enablement, Security Training & Awareness
Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.
Posted in IoT Security, Static Analysis (SAST), Web Application Security
The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.
Posted in Static Analysis (SAST)
Improve your web application security management by finding and fixing security vulnerabilities earlier and achieving compliance with industry standards.
Posted in Static Analysis (SAST)
You’ve finally purchased a static analysis solution—but do you know how to use it? Learn how to implement SAST tools in a way that best suits your environment.
Posted in Static Analysis (SAST)
How can development teams make SAST easier? By using a platform that’s fast, accurate, and flexible and integrates with the tools they already use.
Posted in Static Analysis (SAST)
Automating static analysis in your SDLC requires a tool that integrates into daily workflows, presents results intuitively, and offers remediation guidance.
Posted in Static Analysis (SAST)
With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.
Posted in Container Security, Open Source Security
Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers.
Posted in Agile, CI/CD & DevOps