Until you ask, you don’t know how much open source a target has used, what components it uses, or what open source issues might be latent therein. That’s why open source questions are on the checklist of virtually every acquirer in a tech transaction. And the unfortunate reality is that even asking good questions doesn’t […]
Software Integrity Insight is your resource on the cyber security and open source security news that made headlines this week, including news on North Korea hacking, the remote code execution vulnerability exposed in JScript, and how the World Cup 2018 might be a ripe target for cybercrime. Read on! The Cybersecurity 202: North Korea is […]
A slight change of pace for this week’s issue of Software Integrity Insight, as we focus on the release of the 2018 Open Source Security and Risk Analysis, which analyzes the audit results of over 1,100 commercial codebases from over 500 organizations and examines the open source security and licensing news of 2017. We think […]
2017 was a tumultuous year in the world of open source software. A massive data breach at Equifax exposed millions of U.S., U.K., and Canadian residents’ sensitive personal and financial information and gained widespread media attention. As open source software becomes embedded in our everyday lives, not only through our phones and computers but through […]
Any tradesperson, specialist, expert, aficionado, or technologist will tell you that the key to a quality outcome is a set of tools specific to the project and oriented to the goal. The realm of software security and secure DevOps is no exception to this truth, and in Black Duck Hub’s version 4.5 release, we further […]
Soon after Black Duck merged with Synopsys, I wrote about my initial impressions of the company, specifically as a home for the Black Duck On-Demand audit business. By way of update, in short, my initial, positive impressions hold. This is the right place for Black Duck and the audit business that so many in the […]
The spirit of open source can be summarized as trust in the development community to work together to create, evolve, and maintain software products with such transparency that others can leverage these accomplishments for further innovation. It is this spirit that Black Duck by Synopsys seeks to recognize each year with its Open Source Rookies of the […]
On 7 March 2018, an appeal hearing in a GPLv2 enforcement case took place before the Higher Regional Court of Cologne (docket no. 6 U 162/17). In October 2017, the plaintiff Patrick McHardy had been successful in obtaining a very broad preliminary injunction covering the entire Linux kernel against Geniatech, the producer of the EyeTV […]
Developing an open source project can seem daunting at times. Finding time to dedicate to a project can be difficult, and when it finds success, reported issues and proposed changes to review can seem endless. Selecting open source libraries to use is no easier — you must make a choice between multiple options, and short […]
If you have reviewed any Black Duck On-Demand audit reports recently, you may have noticed improvements in the legal tab and the way we report on findings. The new report format has received some very positive reviews, the theme being that it makes reported results more actionable.