"AppSec Best Practices"
Polaris release update: Automated remediation, reachability-driven prioritization, and deeper scanning coverage
The latest Black Duck Polaris release automates fix PRs, surfaces CISA KEV status for faster triage, adds binary scanning, and extends SAST and SCA to on-prem GitHub environments. Here's what changed.The post ...
Beyond the noise: Better risk prioritization with Polaris reachability analysis
Stop treating every CVE as a crisis. Discover how risk prioritization and reachability analysis help your security team focus on what truly matters.The post Beyond the noise: Better risk prioritization with Polaris ...
Polaris release update: Expanded integrations, deeper detection, complete license governance
Black Duck Polaris May 2026 updates: bulk GitLab/Bitbucket repo onboarding, AI credential detection, license governance improvements, and expanded Go/Scala SAST coverage.The post Polaris release update: Expanded integrations, deeper detection, complete license governance ...
Catch critical defects before embedded software ships
Prevent costly post-deployment failures in embedded software. Learn how "shift everywhere" strategies and automated testing catch defects early in the SDLC.The post Catch critical defects before embedded software ships appeared first on ...
AI is rewriting the rules of application security—and most organizations aren’t ready
AI is rewriting application security rules. BSIMM16 reveals how leading organizations are adapting their AppSec programs for AI-generated code, automation, and new threats.The post AI is rewriting the rules of application security—and ...
Navigating the AI security era: Key trends for software leaders in 2026
Features Black Duck’s Chief Product and Technology Officer Dipto Chakravarty on key topics like AI agents and quantum computing.The post Navigating the AI security era: Key trends for software leaders in 2026 ...
Vibe coding and its implications
Explore the concept of vibe coding, its benefits, risks, and best practices. Learn how to harness AI-assisted development while maintaining software security and integrity. The post Vibe coding and its implications appeared ...
Bridging the divide: Why friction between dev and security persists (and how to fix it)
AppSec slows 53% of dev teams despite daily releases. Discover how intelligent automation eliminates friction, cuts noise by 80%, and accelerates secure development.The post Bridging the divide: Why friction between dev and ...
Introducing Black Duck Signal: Agentic AI that solves the noise crisis in application security
Black Duck Signal uses agentic AI to solve the AppSec noise crisis. Automatically find and fix security vulnerabilities in any programming language with AI agents powered by 20+ years of application security ...
The next frontier in AppSec: Context-aware risk scoring
Discover how context-aware risk scoring revolutionizes application security in the AI era. Learn how this approach helps prioritize vulnerabilities and improve security posture.The post The next frontier in AppSec: Context-aware risk scoring ...
