
Production-safe DAST: Your secret weapon against threat actors
Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested. By incorporating dynamic application security testing (DAST) …

Secure SDLC 101
The digital transformation that has swept across all industry sectors means that every business is now a software business. Whether you’re selling software directly to your customers or developing it to run your operations, your organization needs to protect your bottom line by building trust in your software without sacrificing the speed and agility that …

Introducing IaC Security from Black Duck
The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months …

Tech tales: Achieving PCI compliance with application security testing
In our new tech tales series, we discuss how Synopsys customers use our products and services to uncover security risks in their organization. Synopsys customers span every industry—from small to large enterprises across financial services, automotive, public sector, medical and healthcare, and much more. One thing they all have in common is building trust into their software. Synopsys offers integrated …

Black Duck Open Source Audits: Working through licensing issues like a pro
It’s critical to have the right people and approach when it comes to understanding and resolving licensing issues in open source audits. Many of our regular Black Duck Audit customers have well-honed processes that kick in after we deliver reports. We’ve gleaned some ideas and approaches from working with these clients and the biggest pro …

As drone adoption soars, expect greater regulation of embedded code
Software safety and security will become more closely scrutinized as the commercial drone industry grows. The use of drones is expected to skyrocket in the coming years. The commercial market alone is expected to grow by 32% around the world every year through 2026. FAA records show 868,421 drones are registered for use in the …

Motivation for Software Architecture Refactoring
Refactoring is commonly applied to code, but refactoring can also be applied to other development artifacts like databases, UML models, and software architecture. Refactoring software architecture is particularly relevant because during development the architecture is constantly changing (sometimes for the worse; see our blog post on Architectural Erosion) and expanding. Software architecture refactoring should happen regularly …