Software Integrity

Archive for the 'Open Source Security' Category

Data breaches, SirenJack, and serverless apps vulns

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Posted in Application Security, Containers, Data Breach, Internet of Things, Open Source Security

Webinar: DevSecOps best practices with Synopsys and GitHub

As firms consistently strive to become more agile, cloud and containers can help them build software faster and deliver continuously. At the same time, many firms fear that adding security to DevOps practices can severely slow down processes. With GitHub and Black Duck by Synopsys, firms can automate secure development workflows, shift security left, and […]

Posted in Application Security, Black Duck by Synopsys, DevOps, Featured, Open Source Security

What’s in your containers?, Spring Break vulnerability, cyber security in healthcare

Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of […]

Posted in Blockchain Security, Containers, Data Breach, Healthcare Security, Open Source Security

3 secret reasons you must join us at FLIGHT Amsterdam

I’m terrible at keeping exciting things a secret…especially from my favorite customers. So here we go: These are the three secret reasons you need to register for FLIGHT EMEA:

Customer training

If you’ve joined our customer training sessions before, you know that our Black Duck Academy expert, Pat Durante, will share a lot of insight […]

Posted in Black Duck by Synopsys, Open Source Security

Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow

The risk of open source and third-party code

In today’s fast-paced world with rapid technological advancements, few people need any introduction to the dangers of security vulnerabilities lurking in open source and third-party code. Open source software has come a long way from being a techno-hippie dream in the late ’80s. Today, it exists nearly […]

Posted in Application Security, Open Source Security, Software Quality, Static Analysis (SAST), Vendor Risk Management

Open source vulnerabilities: Are you prepared to run the race?

Originally posted on SecurityWeek.  After going through 24 seasons of cross-country, winter track, and spring track with my boys, I fully understand that if you put your toe on the line, you had better be prepared to race, or bad things happen. As the use of open source continues to rise, many organizations are putting […]

Posted in Data Breach, Open Source Security, Software Composition Analysis

Synopsys strengthens Software Integrity Platform with Black Duck acquisition

Today, Synopsys completed the acquisition of Black Duck Software, a well-respected, established leader in Software Composition Analysis (SCA), which helps organizations identify open source components in their software and check those components for known security vulnerabilities. The two companies are strategically aligned, with a shared vision of building security and quality into the software development […]

Posted in Application Security, Open Source Security

Examining open source security and the road ahead in the 2017 Coverity Scan Report

Coverity Scan’s impact on open source software (OSS) is both extensive and largely unacknowledged. Since its inception, Scan has enabled developers to fix over 600,000 defects across some of the most important projects in open source. As part of that effort, it has also helped improve the maturity of the software development practices of active […]

Posted in Application Security, Open Source Security, Static Analysis (SAST)

Eliminate cyber supply chain security vulnerabilities at the point of introduction

Nordic IT Security is the key meeting place for the brave new world of IT security. On November 7, 2017, at the upcoming premier security conference, Synopsys’ Michael White presents an actionable and inspiring talk on how to enhance security measures throughout the software development life cycle (SDLC).

What to expect at the Nordic IT […]

Posted in Application Security, Open Source Security

Did an Apache Struts vulnerability trigger the Equifax hack?

In recent days, more details concerning the Equifax breach have come to light. There’s now speculation that attackers exploited a vulnerability in Apache Struts to steal data. There has also been plenty of speculation regarding the exact vulnerability that may have been exploited.

The Apache Struts theory

The Apache Struts Program Management Committee released a […]

Posted in Data Breach, Open Source Security