Software Integrity Blog

[Webinars] How to risk rank vulnerabilities, insights from BSIMM10

Learn about five ways to approach risk ranking in vulnerability management, and hear key insights into real-life software security programs from BSIMM10.

Apache Struts research at scale, Part 1: Building 115 versions of Struts

When our research findings from CVE-2018-11776 prompted us to research other vulnerabilities, the first step was building 115 versions of Apache Struts.

Don’t let your supply chain undermine your security

How do you vet the security of third-party software from vendors, partners, and contractors? Follow software supply chain risk management best practices.

How the 2019 CWE Top 25 can boost your application security

You can use the 2019 CWE Top 25 to help focus your application security efforts. Learn more about this list of the 25 most dangerous software weaknesses.

How DevOps security tools support modern applications

Modern application development organizations must integrate and automate DevOps security tools such as IAST into CI/CD pipelines to speed developers.

How to build a process around an application security tool

How do you ensure your application security tools are enablers rather than hurdles? By building application security processes around the tools you deploy.

Cyber security audits top due diligence checklists

In a study by (ISC)², all executives and M&A professionals surveyed agreed that cyber security audits have become standard practice in tech due diligence.

Top 3 reasons to choose Black Duck

What sets Black Duck apart from other SCA solutions? Industry-leading innovation, extensive vulnerability detection, and a broad range of integrations.

[Webinars] Evidence-based security, design and code quality in tech M&A

Learn how to improve software security using evidence-based standards, and why you should inspect design and code quality during technical due diligence.

CloudBees and Synopsys: Putting ‘Sec’ into DevSecOps

CloudBees Core users can add Synopsys AST offerings to their pipelines to boost their software security posture without slowing down application delivery.
