Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.
Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.
Posted in General, Open Source Security, Webinars | Comments Off on 3 takeaways from “Managing the Business Risks of Open Source” webinar
From vulnerability detection to API security, these nine topics hit the highlights from our coverage of software security and quality this year.
Posted in General | Comments Off on 9 highlights from the 2018 Software Integrity Blog
The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.
Posted in Data Breach, Open Source Security | Comments Off on Security lessons from the House Oversight and Government Reform Committee
Explore 10 critical cloud security threats: data breaches, human error, data loss, insider threats, DDoS attacks, insecure APIs, exploits, account hijacking, APTs, and CPU flaws.
Posted in Cloud Security, General | Comments Off on 10 critical cloud security threats in 2018 and beyond
Most software today contains open source. That’s why you need software composition analysis. See open source security presentations from FLIGHT East 2018.
Posted in General, Open Source Security | Comments Off on Black Duck by Synopsys FLIGHT East 2018 presentations
Most companies involved with technology M&A understand the importance of open source risks in software. Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. Consequently, it has become the norm for acquirers to raise open source questions as part of technical and legal due diligence. […]
Posted in General, Open Source Security | Comments Off on Why you need to perform open source due diligence in an M&A transaction
In August I wrote about a new Apache Struts vulnerability that affected Struts 2.3 and Struts 2.5. Apache Struts, an open source framework for developing web applications, is widely used by enterprises worldwide, including (at least at one point in time) the Equifax credit reporting agency. When Equifax did not identify and patch a vulnerable version of […]
Posted in Open Source Security | Comments Off on CVE-2018-11776 and why you need Black Duck Security Advisories
We wind up the month of August with stories on the latest Apache Struts hack—bad news, if you remember Equifax—and what you need to do now to protect yourself. Plus news on plane, ATM, and even water heater hacks, and a primer on what to look for in SAST, DAST, IAST, and RASP tools. Stay […]
Posted in Open Source Security | Comments Off on Struts flaw, SAST, IAST, DAST & RASP primer, hacking planes, ATMs, and water heaters
About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018-11776) affects all supported versions of Struts 2 and was patched by the Apache Software Foundation on Aug. 22. Users of […]
Posted in Data Breach, Open Source Security, Software Composition Analysis | Comments Off on CVE-2018-11776: The latest Apache Struts vulnerability
Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.
Posted in General, Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security | Comments Off on Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP
Get the latest AppSec news and trends sent directly to you.
