Software Integrity Blog

Archive for the 'Open Source Security' Category

 

The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.

Continue Reading...

Posted in Maturity Model (BSIMM), Open Source Security, Software Composition Analysis | Comments Off on The hidden costs and risks of free puppies (and open source)

 

3 takeaways from “Managing the Business Risks of Open Source” webinar

Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar.

Continue Reading...

Posted in General, Open Source Security, Webinars | Comments Off on 3 takeaways from “Managing the Business Risks of Open Source” webinar

 

Announcing Black Duck OpsSight 2.2—Container security at scale 

With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source.

Continue Reading...

Posted in Container Security, Open Source Security | Comments Off on Announcing Black Duck OpsSight 2.2—Container security at scale 

 

Preparing for an open source audit: Which software assets are worth analyzing?

In an open source software audit, you should scan all software assets required to build your applications. But how do you identify and locate them?

Continue Reading...

Posted in Open Source Security | Comments Off on Preparing for an open source audit: Which software assets are worth analyzing?

 

The future of open source software: More of everything

The past decade charts the reach of open source into every industry. But what does the future of open source hold? Here are some open source predictions.

Continue Reading...

Posted in Open Source Security | Comments Off on The future of open source software: More of everything

 

Top 10 FOSS legal developments in 2018

2018 saw developments in many free and open source software legal issues, including copyright, license compliance, patent nonaggression, and antitrust law.

Continue Reading...

Posted in General, Open Source Security, Webinars | Comments Off on Top 10 FOSS legal developments in 2018

 

Hacking Security Episode 3: OSSRA report findings

Hacking Security is a monthly podcast on emerging trends in application security. Episode 3 explores key findings from the 2018 OSSRA report.

Continue Reading...

Posted in General, Open Source Security, Software Composition Analysis | Comments Off on Hacking Security Episode 3: OSSRA report findings

 

Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

Black Duck audit reports help you understand your license compliance, software security, code quality, and web services risks—and now they’re even better.

Continue Reading...

Posted in General, Open Source Security, Webinars | Comments Off on Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

 

Security lessons from the House Oversight and Government Reform Committee

The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security.

Continue Reading...

Posted in Data Breach, Open Source Security | Comments Off on Security lessons from the House Oversight and Government Reform Committee

 

NPM dependencies, supply chain attacks, and Bitcoin wallets

The EventStream incident shows just how easily attackers can infiltrate the open source software supply chain by adding a malicious dependency to a trusted component.

Continue Reading...

Posted in Open Source Security, Software Composition Analysis | Comments Off on NPM dependencies, supply chain attacks, and Bitcoin wallets