Software Integrity Blog

Open source licenses: No license, no problem? Or … not?

Open source licenses: No license, no problem? Or … not?

Understand the three common scenarios for why unlicensed open source is found in the codebase and the implications of it being embedded in commercial apps.

Continue Reading...

BSIMM11 tracks top trends in market activity

BSIMM11 tracks top trends in market activity

Measure and improve your software security initiative using the four key market activity trends observed in the new BSIMM11 report.

Continue Reading...

MITRE releases 2020 CWE Top 25 most dangerous software weaknesses

MITRE releases 2020 CWE Top 25 most dangerous software weaknesses

Learn how this year’s CWE Top 25 list of the most dangerous software weaknesses can be used to set priorities in your application security.

Continue Reading...

BSIMM11: Tracking the cutting edge of software security initiatives

BSIMM11: Tracking the cutting edge of software security initiatives

BSIMM11 gathers research on software security activities from real-life firms to create a guide to help you navigate your software security initiative.

Continue Reading...

TANSTAAFL! The tragedy of the commons meets open source software

TANSTAAFL! The tragedy of the commons meets open source software

Open source projects can become victims of their own success. What can developers do to secure their open source software?

Continue Reading...

Black Duck continues to expand vulnerability prioritization methods

Black Duck continues to expand vulnerability prioritization methods

Today’s release of Black Duck adds vulnerability impact analysis, which indicates whether your application executes vulnerable code. Let’s look at how this addition further augments your prioritization efforts.

Continue Reading...

Developing a COVID-19 track and trace app — through the lens of Synopsys

Developing a COVID-19 track and trace app — through the lens of Synopsys

The rapidly evolving COVID-19 emergency has set off a global race to trace, and Synopsys offers key considerations for track and trace application development.

Continue Reading...

How to cyber security: Pain in the *AST

How to cyber security: Pain in the *AST

What’s the difference between IT security and application security? And what do all those acronyms mean? Learn more in our quick cyber security primer.

Continue Reading...

Defensible risk management can improve your job security

Defensible risk management can improve your job security

If your organization suffers a data breach, your job security might hinge on whether you’ve practiced defensible risk management. Don’t make these mistakes.

Continue Reading...

To improve DevSecOps, set application security priorities

To improve DevSecOps, set application security priorities

Where does application security fit into DevSecOps? Everywhere: from preventing vulnerabilities to securing open source to prioritizing significant defects.

Continue Reading...

 
Be the first to know

Don’t miss the latest AppSec news and trends every Friday.

Subscribe to the blog

 

BSIMM 11