Software Integrity Blog

Archive for the 'Open Source Security' Category

 

Cyber security audits top due diligence checklists

In a study by (ISC)², all executives and M&A professionals surveyed agreed that cyber security audits have become standard practice in tech due diligence.

Posted in Mergers & Acquisitions, Open Source Security

 

Top 3 reasons to choose Black Duck

What sets Black Duck apart from other SCA solutions? Industry-leading innovation, extensive vulnerability detection, and a broad range of integrations.

Posted in Open Source Security, Software Composition Analysis

 

[Webinars] NVD data feed alternatives and software security metrics

Learn about a better, faster alternative to NVD vulnerability data feeds and how to measure software security effectiveness and use metrics to drive change.

Posted in Maturity Model (BSIMM), Open Source Security, Webinars

 

[Webinar] Black Duck Legal Certification Course

Learn about software due diligence and how to answer your clients’ open source questions in our Black Duck Legal Certification Course.

Posted in Mergers & Acquisitions, Open Source Security, Webinars

 

Introducing Black Duck for Google Cloud Build

To support the launch of Binary Authorization, we’re releasing Black Duck for Google Cloud Build to help ensure your images are free of policy violations.

Posted in Agile, CI/CD & DevOps, Container Security, News & Announcements, Open Source Security, Software Composition Analysis

 

Introducing the Black Duck Jira Cloud integration

The Black Duck Jira Cloud integration is based on a flexible, customizable model, backed by the same exemplary Black Duck software composition product.

Posted in News & Announcements, Open Source Security, Software Composition Analysis

 

Review of Apache Struts vulnerabilities yields 24 updated advisories

We found that 24 Apache Struts Security Advisories incorrectly list impacted versions and that previously disclosed vulns affect an additional 61 versions.

Posted in News & Announcements, Open Source Security

 

The license and security risks of using Node.js

The use of Node.js is rising. But many organizations don’t know about the potential license and security risks that Node.js can pose for their applications.

Posted in Open Source Security, Web Application Security

 

[Webinars] Cloud security and open source licensing

Learn how to adopt a cloud-native model for application security and how to mitigate legal risk by better understanding open source licensing obligations.

Posted in Cloud Security, Open Source Security, Webinars

 

3 use cases where source code scanning doesn’t cut it

Binary code analysis tools are essential when you don’t have access to a build environment or source code. Here are some use cases for scanning binary code.

Posted in Open Source Security