developers at work

DevSecOps Practices to Maintain Developer Velocity

Wednesday, January 17, 2024

By introducing a culture of security into DevOps environments, DevSecOps is designed to address security risks early and consistently. According to the SANS 2023 DevSecOps survey, DevSecOps is a business-critical practice and risk management concern in all organizations focused on software development. The importance of DevSecOps can also be seen in the Synopsys “2023 Global State …

testing

Shifting everywhere: The importance of continuous testing in the software development life cycle

Wednesday, December 06, 2023

“Shifting left” is the philosophy of pushing security testing as early as possible in the development process. When the idea was first popularized, the only viable tool-based option was to run static analysis during coding, and then perform penetration testing before the application went live. Today “shifting everywhere” means automated, continuous testing throughout the software …

JavaScript security best practices for securing your applications

Wednesday, December 21, 2022

JavaScript, like other programming languages, are not without security challenges. These JavaScript security best practices will help you build more-secure code. JavaScript is one of the most popular programming languages, largely because it’s an easy language for beginners. It’s easy to set up, it has an active and vast community, and users can create web, …

Secure SDLC 101

Thursday, September 01, 2022

The digital transformation that has swept across all industry sectors means that every business is now a software business. Whether you’re selling software directly to your customers or developing it to run your operations, your organization needs to protect your bottom line by building trust in your software without sacrificing the speed and agility that …

Introducing IaC Security from Black Duck

Thursday, August 11, 2022

The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months …

Build a holistic AppSec program

Thursday, July 21, 2022

What does it mean to build a holistic AppSec program? Learn what’s involved in a holistic approach and how to get started. Digital technology is the centerpiece of modern life today. All around us, technology is transforming business operations from end-to-end, from digital-first businesses to those simply updating existing processes. According to Gartner, 65% of executives …

2022 OSSRA report

2022 OSSRA discovers 88% of organizations still behind in keeping open source updated

Thursday, May 05, 2022

Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2022 OSSRA report. It’s the time of the year when Spring is springing, and we release the annual Synopsys Open Source Security and Risk (OSSRA) report, with the 7th edition of OSSRA out this week. This year’s …

AppSec program

What is the maturity level of your AppSec program?

Thursday, April 21, 2022

Using the Forrester assessment, you can measure the maturity of your AppSec program to help identify areas for improvement. Any organization that wants to secure its software should make maturity of its AppSec program its holy grail. Maturity means making security the first thought, not an afterthought. It means embedding security into software throughout the …

AppSec Decoded

AppSec Decoded: Building security into DevSecOps

Thursday, April 14, 2022

Our experts discuss the changes organizations are making to their processes and AST tool management to achieve more effective DevSecOps. Application security testing is evolving to meet the speed at which DevOps teams operate. Processes and tools are more fast-paced and rely on integration and automation to maintain efficiency throughout the software development life cycle (SDLC). But …