Software Integrity Blog

Author Archive

Fred Bals

fbals

Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.


Posts by Fred Bals:


FLIGHT East 2018 open source security presentations

Most software today contains open source. That’s why you need software composition analysis. See open source security presentations from FLIGHT East 2018.

Posted in Mergers & Acquisitions, Open Source Security

Why you need to perform open source due diligence in an M&A transaction

Today’s software contains more than 50% open source. Companies involved in technology M&A need to know why and how to perform open source due diligence.

Posted in Mergers & Acquisitions, Open Source Security

CVE-2018-11776 and why you need Black Duck Security Advisories

Our researchers discovered 23 more versions of Struts vulnerable to CVE-2018-11776. The NVD won’t tell you that—but Black Duck Security Advisories will.

Posted in Open Source Security, Software Composition Analysis (SCA)

CVE-2018-11776: The latest Apache Struts vulnerability

CVE-2018-11776, a newly disclosed critical remote code execution vulnerability, affects all supported versions of Apache Struts 2 web application framework.

Posted in Open Source Security, Software Composition Analysis (SCA)
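An added example, not code from the original posts or from Black Duck, of the check the two Struts entries above are about: matching a declared dependency version against an advisory's affected range. The pom.xml is constructed for the demonstration; the affected ranges are taken from Apache's own S2-045 and S2-057 advisories for CVE-2017-5638 and CVE-2018-11776 (first vulnerable version inclusive, first fixed version exclusive), not from anything on this page. Versions are compared numerically, so 2.5.9 sorts before 2.5.10.1, which a plain string comparison gets wrong, and a build patched for CVE-2017-5638 (2.5.10.1) still shows up as affected by CVE-2018-11776.

```python
"""Check Maven dependency versions against Apache Struts advisories.

Everything below is inline so the check runs offline: the pom.xml is a
constructed sample, and the advisory table holds the ranges from Apache's
S2-045 (CVE-2017-5638) and S2-057 (CVE-2018-11776) advisories.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample pom.xml; not a real project file.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>2.5.10</version>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
    </dependency>
  </dependencies>
</project>
"""

# Affected ranges per release branch as (first vulnerable, first fixed):
# lower bound inclusive, upper bound exclusive. Values from Apache's advisories.
ADVISORIES = {
    "CVE-2017-5638": [("2.3.5", "2.3.32"), ("2.5", "2.5.10.1")],
    "CVE-2018-11776": [("2.3", "2.3.35"), ("2.5", "2.5.17")],
}


def parse_version(version: str) -> tuple:
    """Turn '2.5.10.1' into (2, 5, 10, 1) so comparison is numeric.

    Tuple comparison treats a shorter prefix as smaller, so (2, 5) < (2, 5, 10)
    and (2, 5, 10) < (2, 5, 10, 1). Qualifiers such as '-SNAPSHOT' are dropped,
    which treats a pre-release of the fix as fixed; a production scanner should
    be stricter than that.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def vulnerable_to(version: str, ranges) -> bool:
    """True if version falls inside any (first_vulnerable, first_fixed) range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)


def maven_dependencies(pom_xml: str):
    """Yield (groupId, artifactId, version) for each <dependency> in a pom.

    The POM namespace is stripped from tag names. Versions written as
    ${property} placeholders and transitive dependencies are not resolved here;
    that is part of what a full SCA scan adds on top of this check.
    """
    root = ET.fromstring(pom_xml)
    for node in root.iter():
        if node.tag.split("}")[-1] != "dependency":
            continue
        fields = {child.tag.split("}")[-1]: (child.text or "").strip() for child in node}
        if "version" in fields:
            yield fields.get("groupId", ""), fields.get("artifactId", ""), fields["version"]


def find_struts_findings(pom_xml: str) -> dict:
    """Return {CVE id: declared version} for every advisory struts2-core matches."""
    findings = {}
    for group, artifact, version in maven_dependencies(pom_xml):
        if group == "org.apache.struts" and artifact == "struts2-core":
            for cve, ranges in ADVISORIES.items():
                if vulnerable_to(version, ranges):
                    findings[cve] = version
    return findings


if __name__ == "__main__":
    for cve, version in sorted(find_struts_findings(SAMPLE_POM).items()):
        print(f"{cve}: struts2-core {version} is in the affected range")
```

The string-comparison pitfall is why the ranges are compared as integer tuples: `"2.5.9" < "2.5.10.1"` is False in Python because `'9' > '1'`, so a lexical check would report 2.5.9 as already fixed for CVE-2017-5638 when it is not.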

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

Each application security testing tool (e.g., SAST, IAST, DAST, RASP) has distinct advantages, but you’ll get the best results when you use them together.

Posted in Interactive Application Security Testing (IAST), Static Analysis (SAST), Web Application Security

Tech due diligence: Helping PE firms invest with confidence

Read how Black Duck Audits help NorthEdge Capital make tech investments, using tech due diligence to find legal, operational, and security issues.

Posted in Mergers & Acquisitions, Open Source Security

What can we learn from the video game industry’s approach to software security?

The video game market is a $100+ billion industry. Some of the most complex software developed today is for video games, using clients, servers, web components, monetary transfers, social interactions, and virtual markets—with every part needing security. Video games are attractive and lucrative targets for hackers, especially when it comes to cheating and piracy.

Posted in Application Security

When software is the company, tech due diligence is critical

AccessOne CTO Connor Gray knows that tech due diligence is essential in an M&A to learn about the potential security and operational risks from a target’s use of open source.

Posted in Mergers & Acquisitions, Open Source Security

Equifax, Apache Struts, and CVE-2017-5638 vulnerability

Get the latest news on the Equifax Apache Struts vulnerability (CVE-2017-5638) and see how an unpatched open source flaw led to this massive data breach.

Posted in Data Breach Security, Open Source Security

GDPR deadline: Does “appropriate security” include open source risk?

Organizations that handle European citizens’ data must adhere to “Appropriate Security” in the EU GDPR. The GDPR deadline has passed, but you still have time to address appropriate security at your organization.

Posted in Open Source Security, Software Compliance, Quality & Standards