Introducing the Black Duck Jira Cloud integration

The Black Duck Jira Cloud integration is based on a flexible, customizable model, backed by the same exemplary Black Duck software composition product.

Anatomy of the RubyGems ‘rest-client’ hack, and getting creative about open source security

Over the last several years, we’ve been raising awareness of breaches of popular open source software components and the worrying trend that they are more frequently being attacked at the source – bad actors are growing bolder and the veloci…

[Webinar] Vulnerability reporting alternatives to NVD data feeds

The National Vulnerability Database provides valuable information on newly reported vulnerabilities. But there’s a better, faster alternative to NVD data feeds.

[Webinars] Cloud security and open source licensing

Learn how to adopt a cloud-native model for application security and how to mitigate legal risk by better understanding open source licensing obligations.

NIST Proposes Standards to Secure Government SDLC

Earlier this summer, the National Institute of Standards and Technology (NIST), a part of the U.S. Chamber of Commerce, proposed a set of standards to address software supply chain attacks – and the growing need for better software security.

Open source audits: The secret ingredient for successful M&A

Identifying open source in the target’s codebase is essential to M&A transactions involving software. Open source audits go far beyond what SCA can provide.

[Webinars] Software supply chain and open source scans

Learn how different open source scans create different value for M&A transactions, and how binary analysis can help you secure your software supply chain.

Code Exposure: The Vulnerabilities in Your Code & Where They Originate

Typical software applications are comprised of two types of code: custom code created by your internal development teams, and third-party code – often open source – …

You’re using open source software, and you need to keep track of it

How should you track open source? It’s almost definitely in your codebase, so the question is not whether to track it but what could happen if you don’t.