Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.
With a software bill of materials (software BOM), you can respond quickly to the security, license, and operational risks that come with open source use.
Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on What is a software bill of materials?
Smart organizations in the business of building software need to use a mix of application testing tools to ensure their code is high-quality and secure.
Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on JDA Software: Extending their SDLC to remediate open source issues
Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.
Posted in Mergers & Acquisitions, Open Source Security, Webinars | Comments Off on 3 takeaways from “Managing the Business Risks of Open Source” webinar
From vulnerability detection to API security, these nine topics hit the highlights from our coverage of software security and quality this year.
Posted in Application Security | Comments Off on 9 highlights from the 2018 Software Integrity Blog
The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.
Posted in Data Breach Security, Open Source Security | Comments Off on Security lessons from the House Oversight and Government Reform Committee
Don’t let cloud security threats rain on your parade. Explore our list of the top 10 security risks in cloud computing and what you can do to mitigate them.
Posted in Cloud Security | Comments Off on 10 critical cloud security threats in 2018 and beyond
Most software today contains open source. That’s why you need software composition analysis. See open source security presentations from FLIGHT East 2018.
Posted in Mergers & Acquisitions, Open Source Security | Comments Off on FLIGHT East 2018 open source security presentations
Today’s software contains more than 50% open source. Companies involved in technology M&A need to know why and how to perform open source due diligence.
Posted in Mergers & Acquisitions, Open Source Security | Comments Off on Why you need to perform open source due diligence in an M&A transaction
Our researchers discovered 23 more versions of Struts vulnerable to CVE-2018-11776. The NVD won’t tell you that—but Black Duck Security Advisories will.
Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on CVE-2018-11776 and why you need Black Duck Security Advisories
CVE-2018-11776, a newly disclosed critical remote code execution vulnerability, affects all supported versions of Apache Struts 2 web application framework.
Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on CVE-2018-11776: The latest Apache Struts vulnerability
