
SBOM: What’s in your software ingredients list?
With an average of 500 components in an application, it’s difficult to know what’s in your software. The right security tools and expertise are here to help. A software Bill of Materials (SBOM) is an inventory of what makes up a software application: the “ingredients list” of everything in it. There’s pressure today for companies …

JavaScript security best practices for securing your applications
JavaScript, like other programming languages, is not without security challenges. These JavaScript security best practices will help you build more-secure code. JavaScript is one of the most popular programming languages, largely because it’s an easy language for beginners. It’s easy to set up, it has an active and vast community, and users can create web, …

The top three differences between an open source audit and an open source scan
Understanding the differences between an open source audit and an open source scan will help you determine which approach is best for your organization. One of the biggest challenges of helping organizations determine the correct approach to managing their open source usage is the range of risk profiles, standards, and even definitions of “audits” and …

Custom and variant licenses: What’s in the fine print?
An open source audit reveals much about modern software. A thorough one will draw attention to license issues that go beyond typical open source license conflicts. The baseline finding of an audit is a complete, accurate software Bill of Materials (SBOM) of open source and third-party software in the code. That’s table stakes to providing analysis about …

I have my Black Duck Audit reports; What’s next?
Get the most out of your Black Duck Open Source Audit by understanding the report components and next steps you need to take. Black Duck® Open Source Audit reports provide a tremendous amount of information. We have been performing audits and delivering results to customers for over 15 years, and we continue to seek to …

Experts warn of critical security vulnerability discovered in OpenSSL
Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. Security experts are giving organizations advance disclosure of a critical vulnerability discovered in OpenSSL version 3.0 and above, leaving many to speculate about the potential impact to their organization. The OpenSSL project team …

Secure cloud-native apps and APIs at the speed your business demands
The cloud-native development model entered the mainstream in recent years, with technologies such as microservices and serverless computing, containers, APIs, and infrastructure-as-code (IaC) at the forefront of this trend. Thanks to these emerging technologies, organizations can build and run their apps fast, in a distributed manner and without reliance on physical hardware infrastructure. But …

Understanding the hows and whys of open source audits
If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source. And if you’re on the lookout for your next acquisition, you’ll be evaluating …

Smart home under fuzzing
Smart homes rely on secure devices. Fuzz testing identifies software vulnerabilities in smart devices by fuzzing wireless and IoT protocols. The Internet of Things (IoT) has been a buzzword for years, but have you noticed that something has changed around you? Take a moment to think about your home. How many connected devices can you …

Five types of software licenses you need to understand
If a company creates software, it also reuses code, including code snippets, libraries, functions, frameworks, and entire applications. In fact, in most applications the majority of the code comprises reused third-party components. And all software code comes with certain rights and obligations if used by others or incorporated in a company’s codebase. Even code snippets …