Software Integrity Blog

Archive for the 'Open Source Security' Category

The 411 on Stack Overflow and open source license compliance

Developer communities like Stack Overflow are a great resource for your open source projects, but proper due diligence is required to manage compliance risks.

Posted in Mergers & Acquisitions, Open Source Security, Software Compliance, Quality & Standards

What the 2021 OSSRA report tells us about the state of open source in commercial software

Open source vulnerabilities are on the rise according to the new OSSRA report. Get the latest information on open source security, compliance, and code quality risk.

Posted in Open Source Security

AppSec Decoded: What are organizations doing to manage open source vulnerabilities?

In this AppSec Decoded interview, we look at the top takeaways from the ‘DevSecOps Practices and Open Source Management in 2020’ report.

Posted in Open Source Security

Discovery capabilities: A core differentiator for Black Duck SCA

Stay on top of open source vulnerabilities and license obligations with discovery capabilities from Black Duck.

Posted in Open Source Security, Software Composition Analysis (SCA)

Demystifying CVSS Scoring

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

Posted in Open Source Security

Six key findings from the ‘DevSecOps Practices and Open Source Management in 2020’ report

Synopsys surveyed 1,500 IT professionals working in cyber security to analyze the DevSecOps practices used to address open source vulnerability management.

Posted in Open Source Security

Four requirements for open source vulnerability management in a DevOps environment

Most applications contain open source code, which can expose companies to risks if left unchecked. Make the most of your open source vulnerability management with the right approach and tooling.

Posted in Open Source Security

Open source licenses: No license, no problem? Or … not?

Understand the three common scenarios for why unlicensed open source is found in the codebase and the implications of it being embedded in commercial apps.

Posted in Open Source Security

TANSTAAFL! The tragedy of the commons meets open source software

Open source projects can become victims of their own success. What can developers do to secure their open source software?

Posted in Application Security, Open Source Security

[Webinars] OpenChain and open source supply chain security

Learn what OpenChain is, how it works, and how companies around the world are using it to secure their software supply chains and reduce open source risk.

Posted in Open Source Security, Webinars