Open Source Security
Four requirements for open source vulnerability management in a DevOps environment
Most applications contain open source code, which can expose companies to risk if left unchecked. Make the most of your open source vulnerability management with the right approach and tooling.
Open source licenses: No license, no problem? Or … not?
Understand the three common scenarios for why unlicensed open source is found in a codebase, and the implications of it being embedded in commercial applications.
TANSTAAFL! The tragedy of the commons meets open source software
Open source projects can become victims of their own success. What can developers do to secure their open source software?
[Webinars] OpenChain and open source supply chain security
Learn what OpenChain is, how it works, and how companies around the world are using it to secure their software supply chains and reduce open source risk.
[Webinars] Open source, threat modeling, Node.js security
Hear about the state of open source in our Red Hat partner webinar, discover our approach to threat modeling, and learn how to secure Node.js applications.
[Webinars] Binary scanning, software supply chain management
In this week's webinars, we'll talk about binary scanning techniques and challenges, and how to reduce your risk with software supply chain management.
Need a vulnerability assessment yesterday? Consider a Black Duck Audit
When you don't have any time or resources to spare, Black Duck Audits provide a deep, accurate, rapid vulnerability assessment, plus remediation guidance.
NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities
This spring, the National Institute of Standards and Technology (NIST) released updated recommendations to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year. As the ...
Black Duck Audits: Not just for M&A
If you don't have an SCA tool, a software audit can give you the bill of materials needed for product releases, vendor requirements, and procuring insurance.
Why developers need a supplemental source to NVD vulnerability data
The NVD is a good source for open source vulnerability data. But with an average 27-day reporting delay, it shouldn't be your only source of information.