Software Integrity Blog

Archive for the 'Software Compliance, Quality & Standards' Category


Open source for lawyers: Costs of open source use

Open source might be free, but it’s not risk-free. Let’s examine the potential legal cost of open source use associated with license noncompliance.

Posted in Mergers & Acquisitions, Open Source Security, Software Compliance, Quality & Standards


Ask the Experts: How has software security improved in the last few years?

For Thanksgiving, let’s talk about what we’re thankful for: the trends, processes, and technologies that have had a positive impact on software security.

Posted in Agile, CI/CD & DevOps, Application Security, Cloud Security, Featured, Software Compliance, Quality & Standards


How the 2019 CWE Top 25 can boost your application security

You can use the 2019 CWE Top 25 to help focus your application security efforts. Learn more about this list of the 25 most dangerous software weaknesses.

Posted in Software Compliance, Quality & Standards


[Webinars] Evidence-based security, design and code quality in tech M&A

Learn how to improve software security using evidence-based standards, and why you should inspect design and code quality during technical due diligence.

Posted in Mergers & Acquisitions, Software Compliance, Quality & Standards, Webinars


Coverity release ties in well to the latest MITRE CWE Top 25

MITRE’s 2019 CWE Top 25 list contains many code quality issues that can result in security vulnerabilities. Static analysis can help you mitigate them.

Posted in Software Compliance, Quality & Standards, Static Analysis (SAST)


Quantifying software quality risks in tech M&A

Tech M&A typically evaluates security and legal risks, but what about software quality risks? Poor code and architecture quality can have a lasting impact.

Posted in Mergers & Acquisitions, Software Architecture & Design, Software Compliance, Quality & Standards


The False Claims Act: 156 years old and newly relevant to software security

We recently saw the first settlement by a company charged under the False Claims Act for failing to meet cyber security standards. Is there more to come?

Posted in Software Compliance, Quality & Standards


Let’s Talk Licenses: Beware the Beerware License

Many companies are relaxed about reusing software under the Beerware License and similar open source licenses. But not all such licenses are created equal.

Posted in Mergers & Acquisitions, Software Compliance, Quality & Standards


Awash in regulations, companies struggle with compliance

The list of regulatory compliance challenges facing companies grows longer every time a new regulation is introduced. But do security regulations even work?

Posted in Software Compliance, Quality & Standards


Software quality: It can be a matter of life and death

Safety-critical software powers everything from airplanes to power plants, defibrillators, and seatbelts. Quality issues in that software can lead to injury and death.

Posted in Software Compliance, Quality & Standards