Software Integrity Blog

Archive for the 'Open Source Security' Category

 

[Webinars] OpenChain and open source supply chain security

Learn what OpenChain is, how it works, and how companies around the world are using it to secure their software supply chains and reduce open source risk.

Posted in Open Source Security, Webinars

 

[Webinars] Open source, threat modeling, Node.js security

Hear about the state of open source in our Red Hat partner webinar, discover our approach to threat modeling, and learn how to secure Node.js applications.

Posted in Open Source Security, Software Architecture & Design, Web Application Security, Webinars

 

[Webinars] Binary scanning, software supply chain management

In this week’s webinars, we’ll talk about binary scanning techniques and challenges, and how to reduce your risk with software supply chain management.

Posted in Open Source Security, Webinars

 

Open source audits: The secret ingredient for successful M&A

Identifying open source in the target’s codebase is essential to M&A transactions involving software. Open source audits go far beyond what SCA can provide.

Posted in Mergers & Acquisitions, Open Source Security

 

Know your code—and know your stuff!

An open source audit digs into a codebase to see what’s inside. Find out what our audit services team unearthed in the 1,250+ codebases we reviewed in 2019.

Posted in Mergers & Acquisitions, Open Source Security

 

Need a vulnerability assessment yesterday? Consider a Black Duck Audit

When you don’t have any time or resources to spare, Black Duck Audits provide a deep, accurate, rapid vulnerability assessment, plus remediation guidance.

Posted in Open Source Security

 

Black Duck Audits: Not just for M&A

If you don’t have an SCA tool, a software audit can give you a bill of materials needed for product releases, vendor requirements, and procuring insurance.

Posted in Mergers & Acquisitions, Open Source Security

 

Why developers need a supplemental source to NVD vulnerability data

The NVD is a good source for open source vulnerability data. But with an average 27-day reporting delay, it shouldn’t be your only source of information.

Posted in Open Source Security, Software Composition Analysis (SCA)

 

[Webinars] Vulnerability reports, application security for DevOps and CI/CD

Learn how vulnerability reports can help you fix critical vulnerabilities effectively, and the essentials of application security for DevOps and CI/CD.

Posted in Agile, CI/CD & DevOps, Open Source Security, Software Composition Analysis (SCA), Software Security Program, Webinars

 

[Infographic] Key findings from the 2020 OSSRA report

Our 2020 OSSRA infographic shows key findings and open source trends from the Synopsys Open Source Security and Risk Analysis report. Download the free PDF.

Posted in Open Source Security