Making intelligent tradeoffs in software due diligence

Wednesday, February 07, 2024

Engineers tend to see the world in terms of tradeoffs. Certainly, successful product or solution design requires a clear understanding of the problem to be solved and the associated constraints, and then making informed tradeoffs to solve the problem within the constraints. Tradeoff thinking also applies to successful software due diligence. The purposes of due diligence …

Top open source licenses and legal risk for developers

Wednesday, June 14, 2023

Learn about the top open source licenses used by developers in 2022-23, including the 20 most popular open source licenses, and their legal risk categories. Software supply chain management needs license as well as security compliance. If you’re a software developer, you’re probably using open source components and libraries to build software. You know those …

Production-safe DAST: Your secret weapon against threat actors

Wednesday, May 10, 2023

Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested. By incorporating dynamic application security testing (DAST) …

Secure SDLC 101

Thursday, September 01, 2022

The digital transformation that has swept across all industry sectors means that every business is now a software business. Whether you’re selling software directly to your customers or developing it to run your operations, your organization needs to protect your bottom line by building trust in your software without sacrificing the speed and agility that …

Introducing IaC Security from Black Duck

Thursday, August 11, 2022

The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months …

Tech tales: Achieving PCI compliance with application security testing

Thursday, June 16, 2022

In our new tech tales series, we discuss how Synopsys customers use our products and services to uncover security risks in their organization. Synopsys customers span every industry—from small to large enterprises across financial services, automotive, public sector, medical and healthcare, and much more. One thing they all have in common is building trust into their software. Synopsys offers integrated …

Black Duck Open Source Audits: Working through licensing issues like a pro

Thursday, May 26, 2022

It’s critical to have the right people and approach when it comes to understanding and resolving licensing issues in open source audits. Many of our regular Black Duck Audit customers have well-honed processes that kick in after we deliver reports. We’ve gleaned some ideas and approaches from working with these clients and the biggest pro …

As drone adoption soars, expect greater regulation of embedded code

Thursday, January 06, 2022

Software safety and security will become more closely scrutinized as the commercial drone industry grows. The use of drones is expected to skyrocket in the coming years. The commercial market alone is expected to grow by 32% around the world every year through 2026. FAA records show 868,421 drones are registered for use in the …

Motivation for Software Architecture Refactoring

Wednesday, January 15, 2020

Refactoring is commonly applied to code, but refactoring can also be applied to other development artifacts like databases, UML models, and software architecture. Refactoring software architecture is particularly relevant because during development the architecture is constantly changing (sometimes for the worse; see our blog post on Architectural Erosion) and expanding. Software architecture refactoring should happen regularly …