Software Integrity Blog


GitHub finds 4M flaws, IAST Magic Quadrant, 2018 Open Source Rookies

GitHub Finds 4 Million Flaws, IAST Magic Quadrant, 2018 Open Source Rookies

A big news week for Synopsys as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cyber security news in this week’s Open Source Insight!

Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for Application Security Testing

via Synopsys Software Integrity blog: I’m proud to report that the 2018 Gartner Magic Quadrant for Application Security Testing has positioned Synopsys as a leader for the second consecutive year. This designation clearly illustrates our growing vision and ability to execute on our solutions. For more information, download your copy of the 2018 Gartner Magic Quadrant for Application Security Testing. 

GitHub inspection discovers 4 million flaws In public code

via Silicon UK: “In general, we support initiatives like GitHub’s Security Alerts as they aim to help open source project teams produce more secure code,” explained Tim Mackey, technology evangelist at open source code security experts Black Duck by Synopsys. “Open source is pervasive and it plays an increasingly critical role in the software ecosystem, so any measures that bolster open source security should be applauded,” he added. It should be noted that Black Duck by Synopsys does provide a similar free service for open source project teams called CoPilot. 

The best open source rookies of 2018

via InfoWorld: Over the last decade, Black Duck by Synopsys has recognized some of the most innovative and influential open source projects launched each year. This recognition is a tribute to the success and momentum of these projects, and affirmation of their prospects going forward. We’ve seen honorees like Kubernetes (2014), Docker (2013), Ansible (2012), Bootstrap (2011), NuGet (2011), and OpenStack (2010) evolve to become some of the most influential open source projects in the market. We expect this year’s rookies to be no exception.

Synopsys reveals its open-source rookies of the year

via SD Times: Synopsys is continuing on with Black Duck’s tradition of naming Open Source Rookies of the Year. The decade-long tradition was established by Black Duck and designed to recognized the latest and greatest open-source projects. Synopsys announced it had acquired Black Duck Software in December of last year. The Open Source Rookies represent the top open source projects that were initiated in 2017. The projects cover a range of different areas including autonomous driving, scalable blockchain, and virtual network functions orchestrations, personal security, and relationship management.

What and who are the Open Source Rookies of the Year?

via Synopsys Software Integrity blog: At Black Duck by Synopsys, we work with the community and organizations to understand how the open source community is thinking about technology and the future. As part of that process, we view our connection to the open source community as a key component to understanding both where the development community is and where the open source community is moving next.

What it takes to be an Open Source Rookie

via Synopsys Software Integrity blog: 2018 is the Rookies report’s 10th anniversary, and this year’s honorees exemplify the core tenets of open source. They push the boundaries of technological innovation, build on the contributions of projects before them, lay the foundation for projects that succeed them to innovate, and engage the community for material contributions to—and strategic guidance on—the projects themselves.

With much of the Data Center stack open source, security is a special challenge

via Data Center Knowledge: Even commercial software is not immune to the open source trend. According to Synopsys-owned Black Duck Software, which tracks open source code, open source components are now present in 96 percent of commercial applications. Open source components make development faster and cheaper for both commercial software shops and in-house teams. “All of these things lead to a stack of open source,” said Tim Mackey, senior technical evangelist for Synopsys. But there’s a downside to the spread of open source code, and that downside is patch management.

Safety first: the auto industry looks to open source to uncover new sources of revenue

via Linux Foundation: Banking, Commerce, Media, Agriculture, Energy and other massive industry sectors are wholly dependent on the widespread use of open source software to function. Of course, each industry is different and faces its own set of unique challenges and requirements. In particular, the automotive industry is rightfully cautious about all software, not just open source. However, the industry has come to trust proven platforms that have shown results over time, rather than novel capabilities.

Weighing the pros and cons of open sourcing election software

via Synopsys Software Integrity blog: Open source voting applications are already playing a role in elections in New Hampshire. San Francisco, Los Angeles, and Travis County, Texas are allocating funds to move toward open source voting systems as well. If the FEC does replace proprietary software with open source, it should consider automated security tools in addition to the open source community to provide a more complete application security picture.


More by this author