SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks.
Posted in Featured, Maturity Model (BSIMM), Open Source Security, Software Composition Analysis
Hacking Security is a monthly podcast on emerging trends in application security. Episode 3 explores key findings from the 2018 OSSRA report.
Podcast: Play in new window | Download
Posted in Hacking Security, Open Source Security, Podcasts, Software Composition Analysis
In the Synopsys Software Integrity Group, we test all our products against one another—turning our security into a force multiplier for our customers’ security.
Posted in Software Composition Analysis
The EventStream incident shows just how easily attackers can infiltrate the open source software supply chain by adding a malicious dependency to a trusted component.
Posted in Open Source Security, Software Composition Analysis
I have blogged before about the pervasiveness of open source in applications today. Synopsys and other organizations have been tracking its growth for years, particularly as it relates to the amount of open source code we find in the applications we scan. Our Black Duck On-Demand Audit team scans thousands of applications every year, mostly […]
Posted in Open Source Security, Software Composition Analysis
Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be difficult in containerized production environments, which pose new challenges to application security. Organizations need visibility into the open […]
Posted in Container Security, Open Source Security, Software Composition Analysis
Interactive application security testing (IAST) and software composition analysis (SCA) are powerful technologies—and you need both in your security toolkit.
Posted in Agile, CI/CD & DevOps, Interactive Application Security Testing (IAST), Software Composition Analysis
About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018-11776) affects all supported versions of Struts 2 and was patched by the Apache Software Foundation on Aug. 22. Users of […]
Posted in Data Breach, Open Source Security, Software Composition Analysis
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Lock the vote (election insecurity), “Spamalot” returns for a second act, and SamSam hits a grand slam as a heavy ransomware hitter. Electoral trust meets […]
Posted in Software Composition Analysis, Weekly Security Mashup
When we released Black Duck 4.4, we announced the creation of our own Black Duck Security Advisories (BDSAs). BDSAs offer a more complete and in-depth view of your vulnerabilities. Since then, many of our customers have reached out with various questions. I’m here to provide a brief overview of some of the differences between standard NVD […]
Posted in Open Source Security, Software Composition Analysis
Get the latest Software Integrity news, thought leadership, and more.
