Software Integrity Blog

Archive for the 'Open Source Security' Category

Announcing Synopsys as an OpenChain Project third-party certifier

Synopsys can measure the maturity of security activities within an open source management framework in compliance with the OpenChain standard and ISO/IEC 5230:2020.

Posted in News & Announcements, Open Source Security


What’s new in the 2021 ‘Open Source Security and Risk Analysis’ report

As the use of open source has grown, so has the number of vulnerabilities. Uncover the latest findings from the 2021 OSSRA report.

Posted in Open Source Security


Open source license compliance and dependencies: Peeling back the licensing layers

How can you successfully navigate open source license compliance? Start with the right tools to identify your dependencies and calculate their risks.

Posted in Mergers & Acquisitions, Open Source Security


AppSec Decoded: Why organizations can’t ignore open source security

In this AppSec Decoded interview, we discuss the security and legal risks companies face when open source security vulnerabilities are ignored.

Posted in Open Source Security


Assessing the state of mobile application security through the lens of COVID-19

Are today’s mobile apps secure or do they offer opportunities for attackers? Learn about the state of mobile application security in our new report.

Posted in Mobile App Security, Open Source Security


The 411 on Stack Overflow and open source license compliance

Developer communities like Stack Overflow are a great resource for your open source projects, but proper due diligence is required to manage compliance risks.

Posted in Mergers & Acquisitions, Open Source Security, Software Compliance, Quality & Standards


What the 2021 OSSRA report tells us about the state of open source in commercial software

Open source vulnerabilities are on the rise according to the new OSSRA report. Get the latest information on open source security, compliance, and code quality risk.

Posted in Open Source Security


AppSec Decoded: What are organizations doing to manage open source vulnerabilities?

In this AppSec Decoded interview, we look at the top takeaways from the ‘DevSecOps Practices and Open Source Management in 2020’ report.

Posted in Open Source Security


Discovery capabilities: A core differentiator for Black Duck SCA

Stay on top of open source vulnerabilities and license obligations with discovery capabilities from Black Duck.

Posted in Open Source Security, Software Composition Analysis (SCA)


Demystifying CVSS Scoring

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

Posted in Open Source Security