Software Integrity Blog

Archive for the 'Open Source Security' Category

 

Top 3 operational open source risk factors

Consider these three operational open source risk factors when using open source components: version currency, version proliferation, and project activity.

Posted in Mergers & Acquisitions, Open Source Security

You’re using open source software, and you need to keep track of it

How should you track open source? It’s almost definitely in your codebase, so the question is not whether to track it but what could happen if you don’t.

Posted in Open Source Security, Software Composition Analysis

[Webinars] Software security metrics and open source security

Learn how to drive your software security initiative with metrics, and get practical advice for open source security with Red Hat, in our new webinars.

Posted in Maturity Model (BSIMM), Open Source Security, Webinars

Technology company M&A: Do due diligence on SDLC process/tools

Technical due diligence on the target’s SDLC is a must for acquirers in software M&A. What you don’t know about their process and tools could hurt you.

Posted in Featured, Mergers & Acquisitions, Open Source Security, Software Composition Analysis

Synopsys Software Integrity Group receives Red Hat Partner Award

Synopsys and Red Hat have established a world-class partnership to enable open source management and application security testing in container environments.

Posted in Container Security, Open Source Security

Know your code—and know your stuff!

An open source audit digs into a codebase to see what’s inside. Find out what our audit services team unearthed in the 1,200+ codebases we reviewed in 2018.

Posted in Mergers & Acquisitions, Open Source Security

[Webinars] Tech due diligence, IAST, and government software

Learn about the magic of IAST, how to uncover the risks of APIs and web services in M&A, and how DoD and government agencies can mitigate software risks.

Posted in Interactive Application Security Testing (IAST), Mergers & Acquisitions, Open Source Security, Security Standards and Compliance, Webinars

[Infographic] Findings from the 2019 OSSRA report

Our 2019 OSSRA infographic shows trends and key findings from the latest Synopsys Open Source Security and Risk Analysis report. Download the free PDF.

Posted in Open Source Security

[Webinar] Deploy Containers Confidently With Synopsys and Google

In our BinAuthz webinar, Sandra Guo (Google) and Tomas Gonzalez (Synopsys) explain Black Duck’s role in the software signing process. Available on demand.

Posted in Cloud Security, Container Security, Open Source Security, Webinars

Synopsys and Red Hat OpenShift 4: One smooth Operator!

Building our new Synopsys Operator took some effort, but the results are impressive! Read our tips for creating your own Operator for Red Hat OpenShift.

Posted in Container Security, Open Source Security