[Webinars] Binary scanning, software supply chain management

In this week’s webinars, we’ll talk about binary scanning techniques and challenges, and how to reduce your risk with software supply chain management.

Need a vulnerability assessment yesterday? Consider a Black Duck Audit

When you don’t have any time or resources to spare, Black Duck Audits provide a deep, accurate, rapid vulnerability assessment, plus remediation guidance.

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

This spring, the National Institute of Standards and Technology (NIST) released updated recommendations (.pdf) to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year.
As the depar…

Why developers need a supplemental source to NVD vulnerability data

The NVD is a good source for open source vulnerability data. But with an average 27-day reporting delay, it shouldn’t be your only source of information.

[Webinars] Vulnerability reports, application security for DevOps and CI/CD

Learn how vulnerability reports can help you fix critical vulnerabilities effectively, and the essentials of application security for DevOps and CI/CD.

[Webinars] Open source security, remote security testing, secure development

Learn more about the 2020 OSSRA report, guidelines and solutions for remote security testing, and why all software development should be secure development.

DevOps Chats: Open Source Security, With WhiteSource

WhiteSource, one of the leaders in the software composition analysis space, recently released its annual report, “The State of Open Source Security Vulnerabilities.” It is chock full of good data and findings on the current state of open s…

Open source software use grows in Germany, but compliance and risk management need improvement

A new report from Bitkom reveals that among companies that use open source, many aren’t sure of the best way to approach open source risk management.