Software Integrity Blog

Archive for the 'Open Source Security' Category

 

How to Cyber Security: Software is manufacturing

Modern software is a bit like manufacturing: gluing open source components together using proprietary code and tracking everything with a bill of materials.

Posted in Open Source Security, Software Composition Analysis (SCA)

 

[Webinars] Open source in M&A due diligence, cloud application security

Learn why an open source security review is key in M&A due diligence, and about the impact of cloud environments on application security considerations.

Posted in Cloud Security, Mergers & Acquisitions, Open Source Security, Webinars

 

[Webinar] Effective Vulnerability Remediation Requires More Than One Data Point

With advanced policy management and best-in-class vulnerability reports, developers can fix the most critical vulnerabilities quickly and effectively.

Posted in Open Source Security, Software Composition Analysis (SCA), Webinars

 

Code quality and maintenance: Emerging risks of open source use

You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?

Posted in Open Source Security, Software Composition Analysis (SCA)

 

There’s no such thing as TMI when it comes to open source software

“Vulnerabilities in the Core,” a report from the Linux Foundation and the Laboratory for Innovation Science at Harvard, offers insight into open source use.

Posted in Open Source Security

 

Top 10 FOSS legal developments in 2019

2019 saw developments in many free and open source software legal issues, including new models, ethical restrictions, blockchain, and data and cryptography.

Posted in Mergers & Acquisitions, Open Source Security

 

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.

Posted in News & Announcements, Open Source Security, Software Composition Analysis (SCA)

 

[Webinars] Black Duck on VMware Cloud and open source scans

Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.

Posted in Open Source Security, Software Composition Analysis (SCA), Webinars

 

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.

Posted in Container Security, Open Source Security

 

Taking the next step in your application security program

Already using static code analysis? Try boosting your application security program with software composition analysis to automate open source management.

Posted in Application Security, Open Source Security, Software Composition Analysis (SCA)