As a Product Marketing/Business Rotational Program Associate at Synopsys, Charlie will rotate through the sales, marketing, sales operations, and finance departments four months at a time. He joined Black Duck Software in July, before Black Duck Software was acquired by Synopsys. During his time in sales and marketing, Charlie has researched and learned about the importance of open source risk management—especially pertaining to container security and secure DevOps practices. While in marketing, Charlie has been helping with the launch of OpsSight, a product designed for IT Operations and Infrastructure teams hoping to automate security practices in the production environment. He holds a B.A. in Political Economy from Bates College.
Secure coding training isn’t required in most computer science programs. How can you fill the gaps in your developers’ education without slowing them down?
Posted in Agile, CI/CD & DevOps, Developer Enablement, Security Training | Comments Off on How to teach developers secure coding without slowing them down
Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.
Posted in Internet of Things, Static Analysis (SAST), Web Application Security | Comments Off on How are code quality and code security related?
The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.
Posted in Static Analysis (SAST) | Comments Off on Announcing Code Sight 2019.4
Improve your web application security management by finding and fixing security vulnerabilities earlier and achieving compliance with industry standards.
Posted in Static Analysis (SAST) | Comments Off on How to manage web application security with Coverity
You’ve finally purchased a static analysis solution—but do you know how to use it? Learn how to implement SAST tools in a way that best suits your environment.
Posted in Static Analysis (SAST) | Comments Off on So you just bought a SAST tool. Now what?
How can development teams make SAST easier? By using a platform that’s fast, accurate, and flexible and integrates with the tools they already use.
Posted in Static Analysis (SAST) | Comments Off on Making SAST easier, faster, and more integrated with Polaris
Automating static analysis in your SDLC requires a tool that integrates into daily workflows, presents results intuitively, and offers remediation guidance.
Posted in Static Analysis (SAST) | Comments Off on How to automate static analysis in your SDLC
With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.
Posted in Container Security, Open Source Security | Comments Off on Announcing Black Duck OpsSight 2.2—Container security at scale
Organizations are starting to shift left to save time and money. But it’s critical they choose the right application security tools to support developers.
Posted in Agile, CI/CD & DevOps | Comments Off on How to “shift left” with application security tools, and how not to
Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts.
Posted in Container Security, Open Source Security, Software Composition Analysis | Comments Off on Securing containers at scale