Every time we host a Black Duck FLIGHT conference I’m amazed at how much great information there is, how many in-depth discussions happen, and how much I learn from our customers who attend. FLIGHT East 2018 is coming back to Boston Sept. 25–27, and I couldn’t be more excited. We’re still finalizing the agenda, but […]
Continue Reading...
Posted in Black Duck by Synopsys, Containers, Open Source Governance, Open Source Licenses, Open Source Security, Security Conference or Event, Software Composition Analysis
Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Lock the vote (election insecurity), “Spamalot” returns for a second act, and SamSam hits a grand slam as a heavy ransomware hitter. Electoral trust meets […]
Continue Reading...
Posted in Application Security, Software Composition Analysis, Weekly Security Mashup
Open source is everywhere. Researchers have been tracking its growth for years, but because open source is now so pervasive, they are increasingly concerned about the security of applications built on the foundation of open source components. The only way an organization can be sure of the open source in its codebase, other than by […]
Continue Reading...
Posted in Black Duck by Synopsys, Open Source Governance, Open Source Licenses, Open Source Security, Software Composition Analysis
While software grows more complex and the pace of development accelerates, the stakes for building secure software have never been higher. If you’re like most teams embracing a DevOps culture, you’re focused on breaking down silos, streamlining workflows, and cranking out functional software at a nearly continuous clip. Amid all these fundamental changes, how do […]
Continue Reading...
Posted in CI/CD, DevOps, Software Composition Analysis, Static Analysis (SAST)
How can you not love customer feedback when it helps you improve your product? At our recent FLIGHT conference, I had the opportunity to speak to a lot of customers, plus detailed discussions with our Customer Advisory Board members. This knowledge helped us build out the latest release of Black Duck Hub with new features […]
Continue Reading...
Posted in Black Duck by Synopsys, Open Source Security, Software Composition Analysis
Originally posted on SecurityWeek. After going through 24 seasons of cross-country, winter track, and spring track with my boys, I fully understand that if you put your toe on the line, you had better be prepared to race, or bad things happen. As the use of open source continues to rise, many organizations are putting […]
Continue Reading...
Posted in Data Breach, Open Source Security, Software Composition Analysis
Much of today’s software is created using third-party code, and why not? After all, it’s quicker and more cost effective than building it from scratch. Using third-party software, however, comes with its own challenges. The recent State of Software Composition Analysis 2017 report explores these challenges. The report is based on the analysis of 128,782 software […]
Continue Reading...
Posted in Open Source Security, Software Composition Analysis
For years, free and open source software (FOSS) has a had a negative connotation, with some developers forbidden to use it in final software product releases. The obvious downside in avoiding open source is that organizations run the additional risk of introducing avoidable vulnerabilities. For example, an organization with no cryptographic experience should not be […]
Continue Reading...
Posted in Open Source Security, Software Composition Analysis
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report: The State of Software Composition 2017. You can always join the discussion by sending us […]
Continue Reading...
Posted in Application Security, Open Source Security, Software Composition Analysis, Vulnerability Assessment
Software quality and security assurance both concern risk to the organization, but they do so for different reasons. Risk might be mission critical such as software on a scientific robot crawling another planet. Or risk might be associated with sensitive financial information. In the first example the integrity of the software is paramount; it is […]
Continue Reading...
Posted in Code Review, Secure Coding Guidelines, Security Risk Assessment, Software Composition Analysis, Software Security Testing, Vulnerability Assessment
