Software Integrity

Archive for the 'Black Duck by Synopsys' Category

 

The Apache Software Foundation can take a joke, but not when it comes to licensing

The Apache Software Foundation’s legal group is an interesting microcosm in which to study open source license issues. Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. So their open discussions are useful to monitor if you want to keep tabs […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses

 

Everything you need to know about Black Duck Security Advisories

When we released Black Duck 4.4, we announced the creation of our own Black Duck Security Advisories (BDSAs). BDSAs offer a more complete and in-depth view of your vulnerabilities. Since then, many of our customers have reached out with various questions. I’m here to provide a brief overview of some of the differences between standard NVD […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Security

 

Software composition analysis & the secret ingredients for a successful M&A

Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses, Open Source Security, Software Composition Analysis

 

Half a billion IoT devices vulnerable, breaches at Homeland Security, FedEx, and the fastest growing cyberthreat

Software Integrity Insight is switching over to a monthly schedule, but we’ll still bring you the best SAST, DAST, and SCA security news as we find it. And don’t despair: You can still get your weekly fix of application security (and insecurity) news by following our colleague Taylor Armerding’s video blog, Security Mashup. With so […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses, Open Source Security

 

Celebrating freedom with free beer

America is unique (beyond being the only place on the planet not distracted by the World Cup). Amid heaps of controversy over our national identity, freedom remains central to the American culture and spirit. And so as we in the United States enjoy our hot dogs, beers, and fireworks on the Fourth of July, it […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses

 

Open source issues in an M&A target’s code: How do you know?

Until you ask, you don’t know how much open source a target has used, what components it uses, or what open source issues might be latent therein. That’s why open source questions are on the checklist of virtually every acquirer in a tech transaction. And the unfortunate reality is that even asking good questions doesn’t […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses

 

Microsoft acquires GitHub, Election Insecurity, and Ticketfly data breach

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and unsecurity in this week’s Security Mashup episode. What’s in this week’s Security Mashup episode, you ask? GitHub acquired by Microsoft, election insecurity persists, and the Ticketfly data breach. Play this week’s episode below: Microsoft has snapped up […]

Posted in Application Security, Black Duck by Synopsys, Open Source Security, Weekly Security Mashup

 

Announcing OpsSight Container Security 2.0 GA

Containers have restructured the way we think about our infrastructure, bringing development and operations teams closer together than ever before, and placing applications center stage in the infrastructure environment. Teams are massively scaling containerized deployments with Kubernetes and Kubernetes-based solutions, like Red Hat’s enterprise-grade container orchestration platform, OpenShift Container Platform. But in containerized deployments, because […]

Posted in Black Duck by Synopsys, Containers

 

We’re a 2018 NEVY Awards finalist for Cybersecurity Company of the Year

New England is a crowded space when it comes to cyber security, technology, and innovation, which is why we’re so honored to be named a finalist for the Cybersecurity Company of the Year Award in the 2018 NEVY Awards, hosted by the New England Venture Capital Association (NEVCA) and presented by Bristol-Myers Squibb. Believe me, […]

Posted in Black Duck by Synopsys

 

Webinar: DevSecOps best practices with Synopsys and GitHub

As firms consistently strive to become more agile, cloud and containers can help them build software faster and deliver continuously. At the same time, many firms fear that adding security to DevOps practices can severely slow down processes. With GitHub and Black Duck by Synopsys, firms can automate secure development workflows, shift security left, and […]

Posted in Application Security, Black Duck by Synopsys, DevOps, Open Source Security