Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.”
Software audits are the best way to uncover open source license risks before you go to production. Here’s how our audit group categorizes license risks.
Posted in Open Source Security | Comments Off on Sorting through open source license risks
Open source is eating software, but Red Hat and Synopsys help you build and deploy containers more securely and at scale.
SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.
Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.
With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.
In an open source software audit, you should scan all software assets required to build your applications. But how do you identify and locate them?
Posted in Open Source Security | Comments Off on Preparing for an open source audit: Which software assets are worth analyzing?
The past decade charts the reach of open source into every industry. But what does the future of open source hold? Here are some open source predictions.
Posted in Open Source Security | Comments Off on The future of open source software: More of everything
2018 saw developments in many free and open source software legal issues, including copyright, license compliance, patent nonaggression, and antitrust law.
Hacking Security is a monthly podcast on emerging trends in application security. Episode 3 explores key findings from the 2018 OSSRA report.