Software Integrity Blog

Author Archive

Yev Bronshteyn


Yev Bronshteyn is a senior software engineer at Black Duck by Synopsys and a member of the SPDX Working Group’s technical team. His past engineering positions include eBay and Progress Software.

Posts by Yev Bronshteyn:


Power(Shell) to the people

Type less, write cleaner scripts, run consistently across platforms, and other reasons why Linux and OS X users can fall in love with PowerShell.

Posted in Building secure software


4 key differences moving from Java to .NET Core

Getting started with .NET Core? If you’re exploring C#, you’ll find it borrows much from Java. Here are a few key differences between Java and .NET Core.

Posted in Security news and research


.NET component vulnerability analysis in production

At Black Duck, we’ve been excited to participate in the flurry of growth in the .NET ecosystem. Our Visual Studio Extension helps developers detect open source risks early, when it is easiest and most cost-effective to eliminate them. However, in some cases, a Visual Studio project or any build file or other composition metadata may not be available. Perhaps an application’s source code (and the component data that comes with it) has been lost. Perhaps the application was provided by a vendor who has never made the source code available in the first place. Or perhaps, in addition to scanning application dependencies, we want to include the actual production runtime in our scan. Is such component analysis possible? 

Posted in Security news and research, Software Architecture & Design


Tackling visibility in microservices

Are modern enterprise software architectures doomed to produce suboptimal processes and outcomes? Today, enterprise architects value componentization perhaps more than ever before, given the mass glorification of microservices. Microservices are loosely defined as isolated, independent components designed to address a singular business need. Sounds great, until you consider that with this architecture, the creator(s) and the consumer(s) of any service are likely to become rigorously isolated from each other, the API boundary falling like an iron curtain between them.

Posted in Managing security risks