Coding bootcamps fill development seats fast—but the trade-off for speed is security. How do you fill the security training gaps in your developers’ education?
Posted in Security Training | Comments Off on Coding bootcamps need to get real about secure coding practices
Any tradesperson, specialist, expert, aficionado, or technologist will tell you that the key to a quality outcome is a set of tools specific to the project and oriented to the goal. The realm of software security and secure DevOps is no exception to this truth, and in Black Duck’s version 4.5 release, we further hone the functions and controls used by development and security teams around the globe to establish the most effective tool for the job: to build secure, high-quality software faster.
Identify open source code fragment reuse (snippet matching)
Let’s start by introducing one of the most-requested enhancements to Black Duck: the ability to find open source code snippets in applications. Snippets are fragments of open source code that compose a larger open source component and that may carry with them license requirements present in their source component.
Now, in Black Duck 4.5, organizations can be assured that they are tracking more open source in their applications than ever before. Users can choose to run an optional snippet scan for nonmatched files following a component scan, identifying components with the highest match prevalence to the detected snippets. Black Duck 4.5’s snippet matching supports nearly 150 file extensions and 75 languages and optimizes performance with delta scanning.
Role-based capabilities to support enterprises
Modern development and release processes often require the persistent involvement of an array of contributors, each serving a distinct role and requiring access to relevant project information. In enterprise organizations, concerns often arise surrounding unnecessary or unrestricted access to projects or overprovisioning of activity rights.
Posted in Open Source Security, Software Composition Analysis | Comments Off on Fine-tuning roles, controlling licenses, and matching code snippets in Black Duck 4.5
The spirit of open source can be summarized as trust in the development community to work together to create, evolve, and maintain software products with such transparency that others can leverage these accomplishments for further innovation. It is this spirit that Black Duck by Synopsys seeks to recognize each year with its Open Source Rookies of the Year report, in which we honor the most innovative and influential open source projects released to the community the previous year. Congratulations to each Open Source Rookie!
Posted in Open Source Security | Comments Off on What it takes to be an Open Source Rookie
The rapid growth of custom and open source applications deployed in businesses worldwide means that all companies have significant software assets. In some industries, agile development and open source software have enabled a technological evolution, to the point of creating new business models. FinTech is one example of an industry established around technologies, delivering automated and self-service financial solutions across platforms.
Posted in Financial Services Security, Open Source Security, Security Standards and Compliance | Comments Off on FinTech compliance is evolving to safeguard your information
If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source. And if you’re on the lookout for your next acquisition, you’ll be evaluating targets replete with open source. Synopsys recently found that proprietary applications we audit are 36% open source on average.
Posted in General, Open Source Security | Comments Off on Understanding the hows and whys of open source audits