Software Integrity Blog

Author Archive

Shandra Gemmiti

Shandra is Director of Marketing for Black Duck’s On-Demand Audit business. She is responsible for developing and executing marketing strategies that drive Black Duck On-Demand product adoption. She spent the last 13 years in the technology industry both as a marketer and a corporate strategy professional and especially enjoys being able to use that experience to understand the Black Duck On-Demand customer and their unique tech diligence needs.


Posts by Shandra Gemmiti:

 

How to manage open source risks using Black Duck SCA

Open source risk goes beyond application security. Legal, operational, and supply chain implications demand a capable solution like Black Duck SCA.

Posted in Open source and software supply chain risks, Software Composition Analysis (SCA)

 

Things to consider when choosing a software composition analysis tool

The rise of open source software is not without risks for today’s applications. Use a software composition analysis tool to mitigate these risks.

Posted in Building secure software, Software Composition Analysis (SCA)

 

Four requirements for open source vulnerability management in a DevOps environment

Most applications contain open source code, which can expose companies to risks if left unchecked. Make the most of your open source vulnerability management with the right approach and tooling.

Posted in Open source and software supply chain risks

 

Open source audits: The secret ingredient for successful M&A

Identifying open source in the target’s codebase is essential to M&A transactions involving software. Open source audits go far beyond what SCA can provide.

Posted in Managing security risks, Mergers & Acquisitions, Open Source Security

 

Need a vulnerability assessment yesterday? Consider a Black Duck Audit

When you don’t have any time or resources to spare, Black Duck Audits provide a deep, accurate, rapid vulnerability assessment, plus remediation guidance.

Posted in Open source and software supply chain risks, Open Source Security

 

The advanced license compliance functionality you didn’t know your SCA tool needed

Open source license noncompliance can have severe implications. Here are four advanced license compliance features that help protect your proprietary code.

Posted in Open source and software supply chain risks, Software Composition Analysis (SCA)

 

Black Duck Audits: Not just for M&A

If you don’t have an SCA tool, a software audit can give you a bill of materials needed for product releases, vendor requirements, and procuring insurance.

Posted in Mergers & Acquisitions, Open source and software supply chain risks, Open Source Security

 

How do you effectively remediate the increasing sea of vulnerabilities?

With applications containing more and more open source, and 40+ vulnerabilities disclosed daily, how do you prioritize your remediation efforts?

Posted in Application Security, Open source and software supply chain risks, Open Source Security, Software Composition Analysis (SCA)

 

Cyber security audits top due diligence checklists

In a study by (ISC)2, all executives and M&A professionals surveyed agreed that cyber security audits have become standard practice in tech due diligence.

Posted in Mergers & Acquisitions, Open source and software supply chain risks, Open Source Security

 

Top 3 reasons to choose Black Duck

What sets Black Duck apart from other SCA solutions? Industry-leading innovation, extensive vulnerability detection, and a broad range of integrations.

Posted in Open source and software supply chain risks, Open Source Security, Software Composition Analysis (SCA)