Software Integrity Blog

Author Archive

Fred Bals

fbals

Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.
Posts by Fred Bals:


3 takeaways from “Managing the Business Risks of Open Source” webinar

Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.

Posted in General, Open Source Security, Webinars

9 highlights from the 2018 Software Integrity Blog

From vulnerability detection to API security, these nine topics hit the highlights from our coverage of software security and quality this year.

Posted in General

Security lessons from the House Oversight and Government Reform Committee

The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.

Posted in Data Breach, Open Source Security

10 critical cloud security threats in 2018 and beyond

Explore 10 critical cloud security threats: data breaches, human error, data loss, insider threats, DDoS attacks, insecure APIs, exploits, account hijacking, APTs, and CPU flaws.

Posted in Cloud Security, General

Black Duck by Synopsys FLIGHT East 2018 presentations

Most software today contains open source. That’s why you need software composition analysis. See open source security presentations from FLIGHT East 2018.

Posted in General, Open Source Security

Why you need to perform open source due diligence in an M&A transaction

Most companies involved with technology M&A understand the importance of open source risks in software. Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. Consequently, it has become the norm for acquirers to raise open source questions as part of technical and legal due diligence. […]

Posted in General, Open Source Security

CVE-2018-11776 and why you need Black Duck Security Advisories

In August I wrote about a new Apache Struts vulnerability that affected Struts 2.3 and Struts 2.5. Apache Struts, an open source framework for developing web applications, is widely used by enterprises worldwide, including (at least at one point in time) the Equifax credit reporting agency. When Equifax did not identify and patch a vulnerable version of […]

Posted in Open Source Security

Struts flaw, SAST, IAST, DAST & RASP primer, hacking planes, ATMs, and water heaters

We wind up the month of August with stories on the latest Apache Struts hack—bad news, if you remember Equifax—and what you need to do now to protect yourself. Plus news on plane, ATM, and even water heater hacks, and a primer on what to look for in SAST, DAST, IAST, and RASP tools. Stay […]

Posted in Open Source Security

CVE-2018-11776: The latest Apache Struts vulnerability

About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018-11776) affects all supported versions of Struts 2 and was patched by the Apache Software Foundation on Aug. 22. Users of […]

Posted in Data Breach, Open Source Security, Software Composition Analysis

Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool—SAST, IAST, DAST, and RASP—has its distinct advantages, but you’ll get the best results when you use them together.

Posted in General, Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security