Software Integrity Blog

Author Archive

Fred Bals

Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.


Posts by Fred Bals:

Tech due diligence: Helping PE firms invest with confidence

When the private equity industry was in its infancy in the 1980s, the tech sector was barely on its radar. Tech is now attracting all types of private equity firms, with the sector representing over 40 percent of US buyouts last year, a trend reflecting the global M&A market, in which tech is also the most popular sector.

Posted in Mergers & Acquisitions, Open Source Security

What can we learn from the video game industry’s approach to software security?

The video game market is a $100+ billion industry. Some of the most complex software developed today is for video games, using clients, servers, web components, monetary transfers, social interactions, and virtual markets—with every part needing security. Video games are attractive and lucrative targets for hackers, especially when it comes to cheating and piracy.

Posted in General

When software is the company, tech due diligence is critical

AccessOne CTO Connor Gray knows that tech due diligence is essential in an M&A to learn about the potential security and operational risks from a target’s use of open source.

Posted in Mergers & Acquisitions, Open Source Security

Meltdown, Spectre security flaws “impact everything”

Welcome to 2018, with two major security flaws revealed that put any computer device that has chips from Intel, AMD and ARM at risk. One security flaw, dubbed Meltdown, impacts Intel semiconductors, enabling bad guys to steal passwords. The other security flaw, Spectre, impacts chips from all three companies. During an interview with CNBC covered by Reuters, Intel’s chief executive noted that “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product.”

Posted in Mergers & Acquisitions, Open Source Security, Software Architecture and Design

Equifax, Apache Struts, and CVE-2017-5638 vulnerability

Get the latest news on the Equifax Apache Struts vulnerability (CVE-2017-5638) and see how an unpatched open source flaw led to this massive data breach.

Posted in Data Breach, Open Source Security

GDPR deadline: Does “appropriate security” include open source risk?

It’s May 25th, 2017, and the GDPR deadline is bearing down on us like an express train. Personal data privacy is the impetus behind the EU General Data Protection Regulation (GDPR), which goes into effect in exactly one year — on May 25th, 2018.

Posted in Open Source Security, Security Standards and Compliance

Cloudera IPO: Risk for cyber attacks, lawsuits, and loss of IP?

Dave Gershgorn, an AI reporter, published an interesting article on Quartz late last week with the ungainly but clickable title “This Open-Source Tech Company’s IPO Filing Reads Like an Argument Against Building a Business on Open Source.”

Posted in Mergers & Acquisitions, Open Source Security