software supply chain security
The 2025 OSSRA report uncovers answers to common open source questions
Get answers to some of today's most common open source questions by examining the data in the 2025 Open Source Security Risk and Analysis (OSSRA) report.
Top open source licenses and legal risk for developers
Explore top open source licenses and understand their legal risks. A comprehensive guide for developers navigating the open source software landscape.
Understanding the DeepSeek model license: Balancing openness and responsibility
Explore the DeepSeek model license and the potential license compliance implications that come with using it in your applications.

Analyze AI-Generated Code with the Black Duck Snippet API
Black Duck Snippet Analysis is available via API as a more scalable solution for analyzing AI-generated code for open source license compliance.

Log4Shell Vulnerability | Why it Still Exists and How to Protect Yourself | Contrast Security
Three years ago, Log4Shell was the worst holiday gift ever for security teams, particularly given that it was wrapped in a CISA order to patch by Christmas Eve. ...
Understanding generative AI risks in software development
Generative AI risks share the same concerns as human-written code. Learn how Black Duck can help you manage license, quality, and security in your AI-generated code.
That was then, this is now….Modernizing AppSec in Fast-Paced Development Environments
You are the weakest link. Hello. Ninety-one percent of organizations experienced at least one software supply chain security incident in 2023. Chances are the other 9% are riding their luck: The ...

Five Gartner Reports. Four Categories. What Does OX Security Do Anyway?
Analyst firms play an important role in the tech vendor landscape. Their reports help buyers and would-be buyers learn about vendors and their offerings. In cybersecurity, in particular, buyers use analysts’ outputs ...

Securing Artifacts: Keyless Signing with Sigstore and CI/MON
Artifact integrity is crucial in maintaining software security and trustworthiness. High-profile breaches like SolarWinds, CodeCov, 3CX, and JumpCloud have shown how altering artifact contents can lead to significant security vulnerabilities, enabling attackers ...
What Is Application Detection and Response (ADR)?
Application detection and response (ADR) is an emerging cybersecurity category that focuses on application visibility, protection, and remediation. ADR is a comprehensive and proactive approach to application security that incorporates automation, prioritization, ...