Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Facing off with Google, Snap out of it, and Password protection. Watch this week’s episode taped live at Black Hat USA 2018. Inside Google’s plan […]
Continue Reading...
Posted in Data Breach, Open Source Licenses, Open Source Security, Security Conference or Event, Weekly Security Mashup
When we released Black Duck 4.4, we announced the creation of our own Black Duck Security Advisories (BDSAs). BDSAs offer a more complete and in-depth view of your vulnerabilities. Since then, many of our customers have reached out with various questions. I’m here to provide a brief overview of some of the differences between standard NVD […]
Continue Reading...
Posted in Black Duck by Synopsys, Open Source Governance, Open Source Security
Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]
Continue Reading...
Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses, Open Source Security, Software Composition Analysis
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Third-party security party poopers, more Russian meddling in the grid, and patch Apache. Watch this episode below: , Robotics supplier’s sloppy security leaks 10 years’ […]
Continue Reading...
Posted in Application Security, Internet of Things, Open Source Security, Weekly Security Mashup
Software Integrity Insight is switching over to a monthly schedule, but we’ll still bring you the best SAST, DAST, and SCA security news as we find it. And don’t despair: You can still get your weekly fix of application security (and insecurity) news by following our colleague Taylor Armerding’s video blog, Security Mashup. With so […]
Continue Reading...
Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses, Open Source Security
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Ghost route GPS hacks, SmartTVs are watching you, and securing open source. Watch the latest episode below: A $225 GPS spoofer can send […]
Continue Reading...
Posted in Application Security, Automotive Security, Open Source Security, Weekly Security Mashup
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? FastBooking and BetVictor third parties spoil the security party, and a WordPress security flaw allows hackers to hijack entire websites. Watch to learn more: Hundreds […]
Continue Reading...
Posted in Application Security, Open Source Security, Weekly Security Mashup
The cyber security and open source security news that made headlines this week! Synopsys: Changing our culture to follow a secure software development life cycle Case Study: Like members of many other development teams, Synopsys’ own engineers initially resisted anything that might slow developer productivity. However, their reluctance to adopt security practices during development was […]
Continue Reading...
Posted in Open Source Security, Software Development Life Cycle (SDLC)
The cyber security and open source security news that made headlines this week! Why isn’t secure DevOps being practiced? via IBM SecurityIntelligence: New research reveals that consistent practice of secure development and operations (DevOps) remains a challenge for organizations across industries. Only half of DevOps teams integrate application security testing elements in continuous integration and […]
Continue Reading...
Posted in Application Security, Internet of Things, Open Source Security
The big news for open source last week was Microsoft’s announced purchase of GitHub. A major win for open source? The beginning of the end? Read Software Integrity Insight to see both sides of the coin, as well as the rest of the cyber security and open source security news that made headlines this week! […]
Continue Reading...
Posted in Application Security, Open Source Security
