Software Integrity Blog

Archive for the 'Open Source Security' Category

 

Forrester recognizes Synopsys as a leader in software composition analysis

Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.”

Posted in Featured, Open Source Security, Software Composition Analysis

Sorting through open source license risks

Software audits are the best way to uncover open source license risks before you go to production. Here’s how our audit group categorizes license risks.

Posted in Open Source Security

New Synopsys Polaris platform optimized for Red Hat OpenShift Container Platform

Open source is eating software, but Red Hat and Synopsys help you build and deploy containers more securely and at scale.

Posted in Container Security, Open Source Security

The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.

Posted in Maturity Model (BSIMM), Open Source Security, Software Composition Analysis

3 takeaways from “Managing the Business Risks of Open Source” webinar

Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.

Posted in General, Open Source Security, Webinars

Announcing Black Duck OpsSight 2.2—Container security at scale 

With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.

Posted in Container Security, Open Source Security

Preparing for an open source audit: Which software assets are worth analyzing?

In an open source software audit, you should scan all software assets required to build your applications. But how do you identify and locate them?

Posted in Open Source Security

The future of open source software: More of everything

The past decade charts the reach of open source into every industry. But what does the future of open source hold? Here are some open source predictions.

Posted in Open Source Security

Top 10 FOSS legal developments in 2018

2018 saw developments in many free and open source software legal issues, including copyright, license compliance, patent nonaggression, and antitrust law.

Posted in General, Open Source Security, Webinars

Hacking Security Episode 3: OSSRA report findings

Hacking Security is a monthly podcast on emerging trends in application security. Episode 3 explores key findings from the 2018 OSSRA report.

Posted in General, Open Source Security, Software Composition Analysis