Software Integrity Blog

Author Archive

Neal Goldman


Mr. Goldman’s background encompasses 25 years of product management, marketing, and business development experience at a variety of technology vendors. Prior to Black Duck, he was a principal product manager at EMC and previously was vice president of product management and marketing at Gryphon Networks. Mr. Goldman has held a variety of senior marketing and product management positions at such companies as Akamai, FTP Software, and Symantec. In addition to his product management experience, he has been an industry analyst at the Yankee Group and managed corporate development for Dr. Solomon’s Software, where he managed strategic alliances, technology licensing, and mergers and acquisitions. He is the author of "The Complete Idiot's Pocket Reference to the Internet." Mr. Goldman holds an undergraduate degree from Tufts University and an MBA from the University of North Carolina, Chapel Hill. Neal’s passion is sailboat racing. You can find him racing at MIT from April to October and in the harbor any given Saturday throughout the winter.


Posts by Neal Goldman:

 

Black Duck OpsSight brings open source vulnerability detection to Kubernetes

This week we released a new version of Black Duck OpsSight, a solution for vulnerability detection and alerting in production environments. When we introduced Black Duck OpsSight for OpenShift in November, we made it possible for customers who use Black Duck Hub as an integral part of their SDLC security process to also monitor the open source security of their application deployment environments.


Posted in Open Source Security, Software Architecture and Design

 

Black Duck and Google Grafeas: Improving container visibility and security

Containers offer many advantages over monolithic applications packaged as VMs. Most importantly, a container image is immutable and is easily built and deployed without reliance on permanent infrastructure. Nevertheless, containers are a challenge to IT operations teams, who need full visibility and control of their software supply chain to implement security and governance policies. To address this problem, today Google announced Grafeas, an open source project that provides a flexible verification framework to connect components deployed in production with their origins. Grafeas is a metadata API that aggregates information about all the software components in a container, including package descriptions, build and deployment histories, and known component vulnerabilities. The Grafeas API can be used to store, query, and retrieve comprehensive metadata on software components of all kinds.


Posted in Agile, CI/CD & DevOps, Container Security, Open Source Security