Software Integrity Blog

Author Archive

Fred Bals

Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.


Posts by Fred Bals:

What’s in your containers?, Spring Break vulnerability, cyber security in healthcare

Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of […]

Posted in Container Security, Data Breach, Healthcare Security, Open Source Security

Securing IoT, Atlanta ransomware, Congress on cybersecurity

The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, […]

Posted in Automotive Security, Internet of Things

GitHub finds 4M flaws, IAST Magic Quadrant, 2018 Open Source Rookies

A big news week for Synopsys as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cyber security news in this week’s Open Source Insight!

Posted in Open Source Security

Who owns Linux? TRITON attack, app security testing, future of GDPR

We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, going in-depth into the TRITON attack, why 2018 is the year of open source, how open source is driving both IoT and AI, […]

Posted in Agile, CI/CD & DevOps, Automotive Security, Data Breach, Open Source Security, Security Standards and Compliance

SCA for DevOps, DHS security, securing open source for GDPR, CVE gap

This week’s Open Source Insight examines software composition analysis and how it fits into DevOps. It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its […]

Posted in Agile, CI/CD & DevOps, Legal, Open Source Security

AppSec for DevOps, open source vs proprietary, malicious AIs and GDPR

Welcome to the March 2 edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most frequently asked GDPR questions. Synopsys principal scientist Sammy Migues explores why enterprises must have a software security program, while Synopsys technology evangelist […]

Posted in Open Source Security

Tech due diligence: Helping PE firms invest with confidence

When the private equity industry was in its infancy in the 1980s, the tech sector was barely on its radar. Tech is now attracting all types of private equity firms, with the sector representing over 40 percent of US buyouts last year, a trend reflecting the global M&A market, in which tech is also the most […]

Posted in Legal, Open Source Security

SEC and CyberSec risks, GDPR looms, what’s going on with the NVD?

In this week’s open source security and cyber security news: Free software comes with a price. Learn how a PE firm wraps open source due diligence into its tech investing. The SEC provides guidance on public cyber security. The Defense Department (re)launches its open source portal. A look at cyber security through the (virtual) lens […]

Posted in Security Standards and Compliance, Software Architecture and Design

Big data breaches, costly cyber attacks, vuln detection for Kubernetes

This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck OpsSight brings open source […]

Posted in Data Breach, Open Source Security, Software Architecture and Design

What can we learn from the video game industry’s approach to software security?

The video game market is a $100+ billion industry. Some of the most complex software developed today is for video games, using clients, servers, web components, monetary transfers, social interactions, and virtual markets—with every part needing security. Video games are attractive and lucrative targets for hackers, especially when it comes to cheating and piracy. With […]

Posted in General