Software Integrity Blog

Archive for the 'Open Source Security' Category

 

Coverity & Black Duck together. Better. Faster. Stronger.

Using static code analysis (SAST) and software composition analysis (SCA) together makes your software development process better, faster, and stronger.

Continue Reading...

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA), Static Analysis (SAST) | Comments Off on Coverity & Black Duck together. Better. Faster. Stronger.

 

[Webinars] DevSecOps best practices, AppSec tools, and the year in open source

Learn more about DevSecOps best practices, application security tools and features, and key legal developments related to open source in 2019.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Application Security, Open Source Security, Webinars | Comments Off on [Webinars] DevSecOps best practices, AppSec tools, and the year in open source

 

Open source for lawyers: Ongoing implications of open source use

Ongoing legal considerations associated with open source use include license enforcement, dual licensing, and deciding whether to license out your own code.

Continue Reading...

Posted in Mergers & Acquisitions, Open Source Security | Comments Off on Open source for lawyers: Ongoing implications of open source use

 

Open source for lawyers: Challenges of open source use

Open source is widespread because it’s easy to use. But it comes with unique security challenges, and poor open source management can be a costly liability.

Continue Reading...

Posted in Mergers & Acquisitions, Open Source Security | Comments Off on Open source for lawyers: Challenges of open source use

 

[Webinars] Container security, tool misuse and abuse, open source in M&A

Learn how containerization changes the security paradigm, how to prevent security tool misuse, and what M&A participants should know about open source.

Continue Reading...

Posted in Container Security, Mergers & Acquisitions, Open Source Security, Software Security Program, Webinars | Comments Off on [Webinars] Container security, tool misuse and abuse, open source in M&A

 

What is a software bill of materials?

With a software bill of materials (software BOM), you can respond quickly to the security, license, and operational risks that come with open source use.

Continue Reading...

Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on What is a software bill of materials?

 

JDA Software: Extending their SDLC to remediate open source issues

Smart organizations in the business of building software need to use a mix of application testing tools to ensure their code is high-quality and secure.

Continue Reading...

Posted in Open Source Security, Software Composition Analysis (SCA) | Comments Off on JDA Software: Extending their SDLC to remediate open source issues

 

Open source for lawyers: Costs of open source use

Open source might be free, but it’s not risk-free. Let’s examine the potential legal cost of open source use associated with license noncompliance.

Continue Reading...

Posted in Mergers & Acquisitions, Open Source Security | Comments Off on Open source for lawyers: Costs of open source use

 

[Webinars] CI/CD optimization and automated testing, open source audit reports

Learn how our CloudBees partnership helps users optimize CI/CD and automate AppSec Testing, and steps to take after you get an open source audit report.

Continue Reading...

Posted in Agile, CI/CD & DevOps, Mergers & Acquisitions, Open Source Security, Webinars | Comments Off on [Webinars] CI/CD optimization and automated testing, open source audit reports

 

[Webinars] How to risk rank vulnerabilities, insights from BSIMM10

Learn about five ways to approach risk ranking in vulnerability management, and hear key insights into real-life software security programs from BSIMM10.

Continue Reading...

Posted in Open Source Security, Software Security Program, Webinars | Comments Off on [Webinars] How to risk rank vulnerabilities, insights from BSIMM10