Forrester recognizes Synopsys as a leader in software composition analysis

Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.” This week we’re happy to announce that Forrester has recognized…

RSA Conference 2019: Operational Technology Widens Supply Chain Attack Surfaces

Between operational technology and open source, the supply chain is rapidly expanding – and companies that can’t keep up will be the next security targets, said experts at RSA Conference 2019.

Red Hat OpenShift integrates with new Synopsys Polaris platform

Open source is eating software, but Red Hat and Synopsys let you build and deploy containers securely and at scale with an OpenShift and Black Duck integration. Netscape founder Marc Andreessen once proclaimed that software is eating the world. He mean…

The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software—just like free puppies—comes with hidden costs and risks. This entry in our BSIMM Monthly Insights series was contributed by guest author Stacy Mo…

3 takeaways from “Managing the Business Risks of Open Source” webinar

Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar. Software finished eating the world sometime in 2016, when Marc Andreessen modified his original s…

Announcing Black Duck OpsSight 2.2—Container security at scale 

With containers, we’ve changed the way we deploy applications. Now it’s time to change the way we secure them, with container scanning tools for open source. Containers require a different approach to application security Containers, which …

Preparing for an open source audit: Which software assets are worth analyzing?

In an open source software audit, you should scan all software assets required to build your applications. But how do you identify and locate them? One of the biggest challenges when preparing for an open source audit is to determine the set of files t…