SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.
Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.
With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.
In an open source software audit, you should scan all software assets required to build your applications. But how do you identify and locate them?
The past decade charts the reach of open source into every industry. But what does the future of open source hold? Here are some open source predictions.
2018 saw developments in many free and open source software legal issues, including copyright, license compliance, patent nonaggression, and antitrust law.
Hacking Security is a monthly podcast on emerging trends in application security. Episode 3 explores key findings from the 2018 OSSRA report.
Black Duck audit reports help you understand your license compliance, software security, code quality, and web services risks—and now they’re even better.
The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.
The EventStream incident shows just how easily attackers can infiltrate the open source software supply chain by adding a malicious dependency to a trusted component.