3 takeaways from “Managing the Business Risks of Open Source” webinar

Categories: Open Source Security, Webinars
Managing open source risk is essential today, when open source use is abundant but can threaten your business. Here are three key points from our webinar. Software finished eating the world sometime in 2016, when Marc Andreessen modified his original statement to “software is programming the world.” I think Andreessen ...

9 highlights from the 2018 Software Integrity Blog

Categories: General
From vulnerability detection to API security, these nine topics hit the highlights from our coverage of software security and quality this year. 1. The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of ...

Security lessons from the House Oversight and Government Reform Committee

The U.S. House Committee on Oversight and Government Reform has more than a few things to say about responsible enterprise application security. On Dec. 10, 2018, the House Oversight and Government Reform Committee released a staff report detailing the committee’s 14-month investigation into the 2017 Equifax data breach. The 96-page ...

10 critical cloud security threats in 2018 and beyond

Categories: Cloud Security, infographic
Explore 10 critical cloud security threats: data breaches, human error, data loss with no backup, insider threats, DDoS attacks, insecure APIs, exploits, account hijacking, APTs, and CPU flaws. With an estimated 70% of all organizations using the cloud, cloud security threats should be a concern for every business. A 2017 ...

Black Duck by Synopsys FLIGHT East 2018 presentations

Today’s software contains on average more than 50% open source. That’s why organizations with foresight are including software composition analysis in their security plans. FLIGHT East 2018 was full of tips, techniques, applications, and solutions for open source security. Here are some of the presentations. Today’s software contains significant amounts ...

Why you need to perform open source due diligence in an M&A transaction

Most companies involved with technology M&A understand the importance of open source risks in software. Today’s software contains significant amounts of open source, on average more than 50%, according to a 2018 Synopsys study. Consequently, it has become the norm for acquirers to raise open source questions as part of ...

CVE-2018-11776 and why you need Black Duck Security Advisories

In August I wrote about a new Apache Struts vulnerability that affected Struts 2.3 and Struts 2.5. Apache Struts, an open source framework for developing web applications, is widely used by enterprises worldwide, including (at least at one point in time) the Equifax credit reporting agency. When Equifax did not ...

Struts flaw, SAST, IAST, DAST & RASP primer, hacking planes, ATMs, and water heaters

We wind up the month of August with stories on the latest Apache Struts hack—bad news, if you remember Equifax—and what you need to do now to protect yourself. Plus news on plane, ATM, and even water heater hacks, and a primer on what to look for in SAST, DAST, ...

CVE-2018-11776—The latest Apache Struts vulnerability

About a week ago, a security researcher disclosed a critical remote code execution vulnerability in the Apache Struts web application framework that could allow remote attackers to run malicious code on the affected servers. The vulnerability (CVE-2018-11776) affects all supported versions of Struts 2 and was patched by the Apache ...

Wading through the alphabet soup of application security testing tools: A guide to SAST, IAST, DAST, and RASP

Every application security testing tool has advantages and disadvantages. No single solution can ensure you find and fix all vulnerabilities. But application security tools can complement one another and help you secure your applications in each stage of the software development life cycle (SDLC) and beyond. Here’s a quick overview ...