Open source might be free, but it’s not risk-free. Let’s examine the potential legal cost of open source use associated with license noncompliance.
For Thanksgiving, let’s talk about what we’re thankful for: the trends, processes, and technologies that have had a positive impact on software security.
You can use the 2019 CWE Top 25 to help focus your application security efforts. Learn more about this list of the 25 most dangerous software weaknesses.
Learn how to improve software security using evidence-based standards, and why you should inspect design and code quality during technical due diligence.
MITRE’s 2019 CWE Top 25 list contains many code quality issues that can result in security vulnerabilities. Static analysis can help you mitigate them.
Tech M&A typically evaluates security and legal risks, but what about software quality risks? Poor code and architecture quality can have a lasting impact.
We recently saw the first settlement by a company charged under the False Claims Act for failing to meet cyber security standards. Is there more to come?
Many companies are relaxed about reusing software under the Beerware License and similar open source licenses. But not all such licenses are created equal.
The list of regulatory compliance challenges facing companies grows longer every time a new regulation is introduced. But do security regulations even work?