Software Integrity Blog

Author Archive

Fred Bals

fbals

Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.


Posts by Fred Bals:
What is a software bill of materials?

With a software bill of materials (software BOM), you can respond quickly to the security, license, and operational risks that come with open source use.

Posted in Open Source Security, Software Composition Analysis (SCA)

JDA Software: Extending their SDLC to remediate open source issues

Smart organizations in the business of building software need to use a mix of application testing tools to ensure their code is high-quality and secure.

Posted in Open Source Security, Software Composition Analysis (SCA)

3 takeaways from “Managing the Business Risks of Open Source” webinar

Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.

Posted in Mergers & Acquisitions, Open Source Security, Webinars

9 highlights from the 2018 Software Integrity Blog

From vulnerability detection to API security, these nine topics hit the highlights from our coverage of software security and quality this year.

Posted in Application Security

Security lessons from the House Oversight and Government Reform Committee

The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.

Posted in Data Breach Security, Open Source Security

10 critical cloud security threats in 2018 and beyond

Don’t let cloud security threats rain on your parade. Explore our list of the top 10 security risks in cloud computing and what you can do to mitigate them.

Posted in Cloud Security

FLIGHT East 2018 open source security presentations

Most software today contains open source. That’s why you need software composition analysis. See open source security presentations from FLIGHT East 2018.

Posted in Mergers & Acquisitions, Open Source Security

Why you need to perform open source due diligence in an M&A transaction

Today’s software contains more than 50% open source. Companies involved in technology M&A need to know why and how to perform open source due diligence.

Posted in Mergers & Acquisitions, Open Source Security

CVE-2018-11776 and why you need Black Duck Security Advisories

Our researchers discovered 23 more versions of Struts vulnerable to CVE-2018-11776. The NVD won’t tell you that—but Black Duck Security Advisories will.

Posted in Open Source Security, Software Composition Analysis (SCA)

CVE-2018-11776: The latest Apache Struts vulnerability

CVE-2018-11776, a newly disclosed critical remote code execution vulnerability, affects all supported versions of the Apache Struts 2 web application framework.

Posted in Open Source Security, Software Composition Analysis (SCA)