Software Integrity

Archive for the 'Open Source Security' Category

 

Facing off with Google, Snap out of it, and Password protection

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Facing off with Google, Snap out of it, and Password protection. Watch this week’s episode taped live at Black Hat USA 2018. Inside Google’s plan […]

Posted in Data Breach, Open Source Licenses, Open Source Security, Security Conference or Event, Weekly Security Mashup

 

Everything you need to know about Black Duck Security Advisories

When we released Black Duck 4.4, we announced the creation of our own Black Duck Security Advisories (BDSAs). BDSAs offer a more complete and in-depth view of your vulnerabilities. Since then, many of our customers have reached out with various questions. I’m here to provide a brief overview of some of the differences between standard NVD […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Security

 

Software composition analysis & the secret ingredients for a successful M&A

Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses, Open Source Security, Software Composition Analysis

 

Third-party security, Russian grid meddling, and patch Apache!

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below: Robotics supplier’s sloppy security leaks 10 years’ […]

Posted in Application Security, Internet of Things, Open Source Security, Weekly Security Mashup

 

Half a billion IoT devices vulnerable, breaches at Homeland Security, FedEx, and the fastest growing cyberthreat

Software Integrity Insight is switching over to a monthly schedule, but we’ll still bring you the best SAST, DAST, and SCA security news as we find it. And don’t despair: You can still get your weekly fix of application security (and insecurity) news by following our colleague Taylor Armerding’s video blog, Security Mashup. With so […]

Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses, Open Source Security

 

Ghost GPS routes, SmartTVs are watching you, and securing open source

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Ghost route GPS hacks, SmartTVs are watching you, and securing open source. Watch the latest episode below: A $225 GPS spoofer can send […]

Posted in Application Security, Automotive Security, Open Source Security, Weekly Security Mashup

 

Third parties spoil the party and WordPress content mismanagement

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? FastBooking and BetVictor third parties spoil the security party, and a WordPress security flaw allows hackers to hijack entire websites. Watch to learn more: Hundreds […]

Posted in Application Security, Open Source Security, Weekly Security Mashup

 

Creating a secure SDLC, solving open source’s biggest problem, government unprepared for cyber attacks

The cyber security and open source security news that made headlines this week! Synopsys: Changing our culture to follow a secure software development life cycle Case Study: Like members of many other development teams, Synopsys’ own engineers initially resisted anything that might slow developer productivity. However, their reluctance to adopt security practices during development was […]

Posted in Open Source Security, Software Development Life Cycle (SDLC)

 

Traffic systems at risk of cyberattack, Cortana and Alexa news, PyRoMineIoT Cryptojacker

The cyber security and open source security news that made headlines this week! Why isn’t secure DevOps being practiced? via IBM SecurityIntelligence: New research reveals that consistent practice of secure development and operations (DevOps) remains a challenge for organizations across industries. Only half of DevOps teams integrate application security testing elements in continuous integration and […]

Posted in Application Security, Internet of Things, Open Source Security

 

Big temperature drop in Hades as Microsoft buys GitHub

The big news for open source last week was Microsoft’s announced purchase of GitHub. A major win for open source? The beginning of the end? Read Software Integrity Insight to see both sides of the coin, as well as the rest of the cyber security and open source security news that made headlines this week! […]

Posted in Application Security, Open Source Security