Modern software is a bit like manufacturing: gluing open source components together using proprietary code and tracking everything with a bill of materials.
Learn why an open source security review is key in M&A due diligence, and about the impact of cloud environments on application security considerations.
With advanced policy management and best-in-class vulnerability reports, developers can fix the most critical vulnerabilities quickly and effectively.
You know that static analysis can find code quality defects in your proprietary code. But what are you doing to manage your open source code quality risk?
“Vulnerabilities in the Core,” a report from the Linux Foundation and the Laboratory for Innovation Science at Harvard, offers insight into open source use.
2019 saw developments in many free and open source software legal issues, including new models, ethical restrictions, blockchain, and data and cryptography.
Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight.
With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.
Learn about the addition of Black Duck to VMware Cloud Marketplace and the benefits and limitations of different types of open source scans.
The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.
Already using static code analysis? Try boosting your application security program with software composition analysis to automate open source management.