Hacking Security Episode 3: OSSRA report findings

Hacking Security is a monthly podcast on emerging trends in application security. Episode 3 explores key findings from the 2018 OSSRA report. Hacking Security is a monthly podcast on emerging trends in application security development hosted by Steve G…

Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

Black Duck audit reports help you understand your license compliance, software security, code quality, and web services risks, and now they’re even better. Our customers rely on Black Duck audits to help them understand open source license c…

Security lessons from the House Oversight and Government Reform Committee

The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security. On Dec. 10, 2018, the House Oversight and Government Reform Committee released a staff report detailing the…

NPM dependencies, supply chain attacks, and Bitcoin wallets

The EventStream incident shows just how easily attackers can infiltrate the open source software supply chain by adding a malicious dependency to a trusted component. What happened with EventStream? On Nov. 20, 2018, it was discovered that EventStream,…

Webinar: Black Duck Legal Certification Course

In most transactions involving software assets, acquirers are asking the open source question, and software due diligence audits are quickly becoming the norm. The Black Duck by Synopsys On-Demand audit business sees substantial growth from year to yea…

Webinar: Secure your containers with GitHub and Synopsys

In April, Synopsys and GitHub spoke about adding “Sec” to DevOps by using solutions that don’t sacrifice speed or agility. Most of the discussion focused on software composition analysis for applications. But DevOps organizations are …

Why you need to perform open source due diligence in an M&A transaction

Most companies involved with technology M&A understand the importance of open source risks in software. Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. Consequently, …

Webinar: Effective policies for managing and releasing open source software

The use of open source has surpassed the occasional and solidified itself as the standard. In fact, the Black Duck by Synopsys 2018 Open Source Security and Risk Analysis found that 96% of the applications we scanned last year contained open source com…