Software Integrity Blog

Archive for the 'Legal' Category

 

Celebrating freedom with free beer

America is unique (beyond being the only place on the planet not distracted by the World Cup). Amid heaps of controversy over our national identity, freedom remains central to the American culture and spirit. And so as we in the United States enjoy our hot dogs, beers, and fireworks on the Fourth of July, it […]

Continue Reading...

Posted in Legal, Open Source Security

 

Open source issues in an M&A target’s code: How do you know?

Until you ask, you don’t know how much open source a target has used, what components it uses, or what open source issues might be latent therein. That’s why open source questions are on the checklist of virtually every acquirer in a tech transaction. And the unfortunate reality is that even asking good questions doesn’t […]

Continue Reading...

Posted in Legal, Open Source Security

 

SCA for DevOps, DHS security, securing open source for GDPR, CVE gap

This week’s Open Source Insight examines software composition analysis and how it fits into DevOps. It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its […]

Continue Reading...

Posted in Agile, CI/CD & DevOps, Legal, Open Source Security

 

Enhanced legal tab in Black Duck On-Demand audit reports

If you have reviewed any Black Duck On-Demand audit reports recently, you may have noticed improvements in the legal tab and the way we report on findings. The new report format has received some very positive reviews, the theme being that it makes reported results more actionable.

Continue Reading...

Posted in Legal, Open Source Security

 

Tech due diligence: Helping PE firms invest with confidence

When the private equity industry was in its infancy in the 1980s, the tech sector was barely on its radar. Tech is now attracting all types of private equity firms, with the sector representing over 40 percent of US buyouts last year, a trend reflecting the global M&A market, in which tech is also the most […]

Continue Reading...

Posted in Legal, Open Source Security

 

When software is the company, tech due diligence is critical

AccessOne CTO Connor Gray knows that tech due diligence is essential in an M&A to learn about the potential security and operational risks from a target’s use of open source.

Continue Reading...

Posted in Legal, Open Source Security

 

Black Duck by Synopsys: Being part of our kind of company

In the wake of selling Black Duck to Synopsys, it’s really interesting work through all facets of integration. An energizing journey it is to learn a new company, something I have not experienced in nearly a decade. Soon after we announced, I explained to my dad some of my experiences interacting with the organization, and […]

Continue Reading...

Posted in Legal, Open Source Security

 

Is breach of the GPL license breach of contract?

There have been interesting developments on the GPL enforcement front of late. Earlier this year, a court in the Northern District of California (in the case of Artifex Software, Inc. v. Hancom, Inc., which was recently settled out of court) found that breach of the GPL license was also a breach of contract. Later, in […]

Continue Reading...

Posted in Legal, Open Source Security

 

Facebook to open source community: Let’s make up

The cries for revolt rang loudly within the open source community, as discussed in my prior post on this subject, and there is apparently insufficient soundproofing at Facebook headquarters to shield its denizens from the cacophony. Facebook has announced that it will release its popular open source React, Jest, Flow and Immutable.js projects under the […]

Continue Reading...

Posted in Legal, Open Source Security, Security Standards and Compliance

 

Equifax reminds us: Open source audits are only a first step

The Equifax disaster underscores the importance of vigilance even after completing open source audits, particularly with respect to security vulnerabilities. Much has been written about the recent breach. Here’s a good overview. In a nutshell, germane to this discussion, the exploited vulnerability was in a popular open source component, Apache Struts, that was made public […]

Continue Reading...

Posted in Data Breach, Legal, Open Source Security