SBOM: What’s in your software ingredients list?

Wednesday, January 11, 2023

With an average of 500 components in an application, it’s difficult to know what’s in your software. The right security tools and expertise are here to help. A software Bill of Materials (SBOM) is an inventory of what makes up a software application: the “ingredients list” of everything in it. There’s pressure today for companies …

The top three differences between an open source audit and an open source scan

Wednesday, December 14, 2022

Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization. One of the biggest challenges of helping organizations determine the correct approach to managing their open source usage is the range of risk profiles, standards, and even definitions of “audits” and …

Custom and variant licenses: What’s in the fine print?

Wednesday, December 07, 2022

An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code. That’s table stakes to providing analysis about …

I have my Black Duck Audit reports; What’s next?

Wednesday, November 23, 2022

Get the most out of your Black Duck Open Source Audit by understanding the report components and next steps you need to take. Black Duck® Open Source Audit reports provide a tremendous amount of information. We have been performing audits and delivering results to customers for over 15 years, and we continue to seek to …

Understanding the hows and whys of open source audits

Wednesday, October 19, 2022

If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source. And if you’re on the lookout for your next acquisition, you’ll be evaluating …