Why Software Composition Analysis (SCA) Demands Precision

As leaders in software composition analysis (SCA), we know its role throughout today’s software supply chain.
SCA was born out of necessity. How else could innovators discover, identify, and track open source software (OSS) components within…

You’re using open source software, and you need to keep track of it

How should you track open source? It’s almost definitely in your codebase, so the question is not whether to track it but what could happen if you don’t.

Technology company M&A: Do due diligence on SDLC process/tools

Technical due diligence on the target’s SDLC is a must for acquirers in software M&A. What you don’t know about their process and tools could hurt you.

DevOps Chat: Forrester Wave Leaders Discuss SCA

Forrester recently released its “Forrester Wave Software Composition Analysis SCA for Q2 2019,” highlighting the leaders in this fast-growing category. We had a chance to sit down with three of the companies highlighted in the Wave report…

Forrester recognizes Synopsys as a leader in software composition analysis

Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.” This week we’re happy to announce that Forrester has recognized…

The hidden costs and risks of free puppies (and open source)

SCA tools are an essential part of your AppSec toolkit, because free and open source software, just like free puppies, comes with hidden costs and risks. This entry in our BSIMM Monthly Insights series was contributed by guest author Stacy Mo…

Hacking Security Episode 3: OSSRA report findings

Hacking Security is a monthly podcast on emerging trends in application security. Episode 3 explores key findings from the 2018 OSSRA report. Hacking Security is a monthly podcast on emerging trends in application security development hosted by Steve G…

NPM dependencies, supply chain attacks, and Bitcoin wallets

The EventStream incident shows just how easily attackers can infiltrate the open source software supply chain by adding a malicious dependency to a trusted component. What happened with EventStream? On Nov. 20, 2018, it was discovered that EventStream…

Securing containers at scale

Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be…

The intersection between IAST and SCA and why you need both in your security toolkit

Two powerful yet relatively new technologies in application security testing are interactive application security testing (IAST) and software composition analysis (SCA). IAST solutions are designed to help organizations identify and manage security ris…