Software Integrity Blog

Archive for the 'Open Source Security' Category

Need a vulnerability assessment yesterday? Consider a Black Duck Audit

When you don’t have any time or resources to spare, Black Duck Audits provide a deep, accurate, rapid vulnerability assessment, plus remediation guidance.

Posted in Open source and software supply chain risks, Open Source Security

Black Duck Audits: Not just for M&A

If you don’t have an SCA tool, a software audit can give you a bill of materials needed for product releases, vendor requirements, and procuring insurance.

Posted in Mergers & Acquisitions, Open source and software supply chain risks, Open Source Security

Why developers need a supplemental source to NVD vulnerability data

The NVD is a good source for open source vulnerability data. But with an average 27-day reporting delay, it shouldn’t be your only source of information.

Posted in Open source and software supply chain risks, Open Source Security, Software Composition Analysis (SCA)

[Webinars] Vulnerability reports, application security for DevOps and CI/CD

Learn how vulnerability reports can help you fix critical vulnerabilities effectively, and the essentials of application security for DevOps and CI/CD.

Posted in Agile, CI/CD, & DevOps, Open Source Security, Software Composition Analysis (SCA), Software Security Program, Webinars

[Infographic] Key findings from the 2020 OSSRA report

Our 2020 OSSRA infographic shows key findings and open source trends from the Synopsys Open Source Security and Risk Analysis report. Download the free PDF.

Posted in Open Source Security, Security news and research

5 key takeaways from the 2020 Open Source Security and Risk Analysis report

Our analysis of 1,250+ codebases reveals trends in open source use, security, and license compliance that affect development, security, and legal teams.

Posted in Open Source Security, Security news and research

[Webinars] Open source governance, secure development

Learn about the 2020 OSSRA report findings and what they mean for open source governance, and why all software development should be secure development.

Posted in Developer Enablement, Open Source Security, Webinars

5 types of software licenses you need to understand

Different types of software licenses require you to meet certain obligations if you want to reuse the code. Here are 5 common types of software licenses.

Posted in Managing security risks, Open Source Security

What is the Ghostcat vulnerability (CVE-2020-1938)?

Ghostcat (CVE-2020-1938) is an Apache Tomcat vulnerability that allows remote code execution in some circumstances. Here’s how to find and mitigate it.

Posted in Application Security, Open Source Security, Security news and research

How to deal with legacy vulnerabilities

Are you releasing software with legacy vulnerabilities that you put aside to address later but forgot about—or that you didn’t even know were in your code?

Posted in Application Security, Managing security risks, Open Source Security