
Production-safe DAST: Your secret weapon against threat actors
Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested. By incorporating dynamic application security testing (DAST) …

2023 OSSRA: A deep dive into open source trends
Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2023 OSSRA report. It’s that time of year again: Now in its 8th edition, the Synopsys “Open Source Security and Risk Analysis” (OSSRA) report launched earlier this week. This year’s report, produced by the Synopsys Cybersecurity Research Center (CyRC), …

Software risks and technical debt: The role of process in determining good software
Understanding how software is developed and the areas impacted by technical debt can help lawyers and investors assess software risks during an M&A. Insight into how software is developed and what kinds of issues can lurk in a codebase enables businesspeople and lawyers to better understand software risks and how to mitigate them. Disciplined development …

OWASP Top 10: Broken access control
Listed as #1 on the OWASP Top 10 list, broken access control occurs when an attacker can gain unauthorized access to restricted information or systems. Access control ensures that people can only gain access to things they’re supposed to have access to. When access control is broken, an attacker can obtain unauthorized access to information …

The top cyber security stories of 2022
A look in the rearview can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. Yes, ‘tis the season when cyber security experts gaze into the crystal ball to tell us what to expect in the coming year, which is fine, but …

SBOM: What’s in your software ingredients list?
With an average of 500 components in an application, it’s difficult to know what’s in your software. The right security tools and expertise are here to help. A software Bill of Materials (SBOM) is an inventory of what makes up a software application: the “ingredients list” of everything in it. There’s pressure today for companies …

JavaScript security best practices for securing your applications
JavaScript, like other programming languages, is not without security challenges. These JavaScript security best practices will help you build more-secure code. JavaScript is one of the most popular programming languages, largely because it’s an easy language for beginners. It’s easy to set up, it has an active and vast community, and users can create web, …

The top three differences between an open source audit and an open source scan
Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization. One of the biggest challenges of helping organizations determine the correct approach to managing their open source usage is the range of risk profiles, standards, and even definitions of “audits” and …

Custom and variant licenses: What’s in the fine print?
An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code. That’s table stakes to providing analysis about …

I have my Black Duck Audit reports; What’s next?
Get the most out of your Black Duck Open Source Audit by understanding the report components and next steps you need to take. Black Duck® Open Source Audit reports provide a tremendous amount of information. We have been performing audits and delivering results to customers for over 15 years, and we continue to seek to …