Custom and variant licenses: What’s in the fine print?

Wednesday, December 07, 2022

An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code. That’s table stakes to providing analysis about …

I have my Black Duck Audit reports; What’s next?

Wednesday, November 23, 2022

Get the most out of your Black Duck Open Source Audit by understanding the report components and next steps you need to take. Black Duck® Open Source Audit reports provide a tremendous amount of information. We have been performing audits and delivering results to customers for over 15 years, and we continue to seek to …

Experts warn of critical security vulnerability discovered in OpenSSL

Wednesday, November 16, 2022

Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. Security experts are giving organizations advance disclosure of a critical vulnerability discovered in OpenSSL version 3.0 and above, leaving many to speculate about the potential impact to their organization. The OpenSSL project team …

Secure cloud-native apps and APIs at the speed your business demands

Wednesday, October 26, 2022

The cloud-native development model entered the mainstream in the recent years, with technologies such as microservices and serverless computing, containers, APIs, and infrastructure-as-code (IaC) at the forefront of this trend. Thanks to these emerging technologies, organizations can build and run their apps fast, in a distributed manner and without reliance on physical hardware infrastructures. But …

Understanding the hows and whys of open source audits

Wednesday, October 19, 2022

If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source. And if you’re on the lookout for your next acquisition, you’ll be evaluating …

Smart home under fuzzing

Thursday, October 06, 2022

Smart homes rely on secure devices. Fuzz testing identifies software vulnerabilities in smart devices by fuzzing wireless and IoT protocols. The Internet of Things (IoT) has been a buzzword for years, but have you noticed that something has changed around you? Take a moment to think about your home. How many connected devices can you …

software license

Five types of software licenses you need to understand

Thursday, September 22, 2022

If a company creates software, it also reuses code, including code snippets, libraries, functions, frameworks, and entire applications. In fact, in most applications the majority of the code comprises reused third-party components. And all software code comes with certain rights and obligations if used by others or incorporated in a company’s codebase. Even code snippets …

Secure SDLC 101

Thursday, September 01, 2022

The digital transformation that has swept across all industry sectors means that every business is now a software business. Whether you’re selling software directly to your customers or developing it to run your operations, your organization needs to protect your bottom line by building trust in your software without sacrificing the speed and agility that …

Introducing IaC Security from Black Duck

Thursday, August 11, 2022

The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months …

Build a holistic AppSec program

Thursday, July 21, 2022

What does it mean to build a holistic AppSec program? Learn what’s involved in a holistic approach and how to get started. Digital technology is the centerpiece of modern life today. All around us, technology is transforming business operations from end-to-end, from digital-first businesses to those simply updating existing processes. According to Gartner, 65% of executives …