Bob Saget and open source license compliance

Unique open source licenses provide amusement for developers, but they create extra work for legal teams overseeing a company’s IP.
Detecting Log4j (Log4Shell): Mitigating the impact on your organization

The discovery of Log4j has DevOps teams working tirelessly to mitigate the issue. Here are six actions your organization should be taking now.
How to cyber security: Software supply chain risk management

Effective software supply chain risk management requires security measures throughout the entire supply chain.
CyRC Vulnerability Analysis: Remote code execution zero-day exploit in Java logging library (log4j)

The NVD currently lacks a CVSS score for this vulnerability, but the Synopsys Cybersecurity Research Center (CyRC) has issued a corresponding Black Duck® Security Advisory (BDSA), and assigned a CVSS score of ...

Prioritizing Open Source Vulnerabilities: Is Reachability Useful?

Effective vulnerability management is a major task for development teams, and knowing which problems to prioritize can save unnecessary rework. In the Software Composition Analysis (SCA) community, a hotly debated approach to prioritization ...
Building a software Bill of Materials with Black Duck

In an effort to secure the software supply chain, Black Duck SBOM export capabilities now comply with the NIST standards in Executive Order 14028.
How to cyber security: Butter knives and light sabers

Building an effective application security program for your organization begins with establishing policies and processes.
GrammaTech Named a SINET16 Cybersecurity Innovator

Each year, SINET evaluates technologies and products from all over the world, with hundreds of cybersecurity companies being considered. Of these, 16 are chosen as the most innovative, known as ...

Return on Investment in Software Composition Analysis?

Today, drawing from customer feedback on real user experiences, we look at how SCA means less overall risk, money, and effort with Sonatype’s Nexus Lifecycle and Nexus Firewall. Our third in this ...
Forrester recognizes Synopsys as a leader in Software Composition Analysis

Black Duck ranks highest in Strategy and receives the highest possible scores in the Product Vision, Market Approach, and Corporate Culture criteria.