Aug 31, 2023/

SANS 2023 DevSecOps Survey

By Black Duck Editorial Staff

Tags: Security News & Trends, DevSecOps

Aug 22, 2023/4 min read

Building Security In Podcast: New strategies for managing risk

By Black Duck Editorial Staff

Tags: DevSecOps

Aug 16, 2023/6 min read

Solving cross-platform DevSecOps challenges with Black Duck

By Black Duck Editorial Staff

Tags: DevSecOps

Aug 15, 2023/1 min read

CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon

By Black Duck Editorial Staff

Tags: CyRC

Jul 16, 2023/1 min read

Building Security In Podcast: Machine Learning + AI

By Black Duck Editorial Staff

Tags: Artificial Intelligence, DevSecOps

Jun 25, 2023/1 min read

Podcast: The current state of DevOps

By Black Duck Editorial Staff

Tags: Security News & Trends, Program Strategy & Planning, AppSec Best Practices, DevSecOps

Jun 08, 2023/1 min read

AppSec Decoded: Ease of use with Polaris

By Black Duck Editorial Staff

Tags: Agile, CI/CD, DevSecOps

May 31, 2023/6 min read

An Enterprise Guide: Periodic Cloud Security Risk Assessments

By Black Duck Editorial Staff

Tags: Cloud Security

May 31, 2023/1 min read

Synopsys named in 2023 Fortress Cyber Security Awards

By Black Duck Editorial Staff

Tags: Security News & Trends

May 24, 2023/1 min read

AppSec Decoded: Easy to scale with Polaris

By Black Duck Editorial Staff

Tags: Build Security into DevOps, DevSecOps

May 17, 2023/2 min read

Eliminate malicious code in your software supply chain

By Black Duck Editorial Staff

Tags: Secure the Software Supply Chain

May 14, 2023/1 min read

AppSec Decoded: Easy deployment with Polaris

By Black Duck Editorial Staff

Tags: 5G Wireless, DevSecOps, Manage Security Risks

May 08, 2023/1 min read

CRN’s 2023 Women of the Channel Awards list

By Black Duck Editorial Staff

Tags: Security News & Trends

Apr 25, 2023/1 min read

AppSec Decoded: Evaluating threats with threat modeling risk analysis

By Black Duck Editorial Staff

Tags: Threat Modeling, Manage Security Risks

Apr 20, 2023/1 min read

AppSec Decoded: Creating an attack model in threat modeling

By Black Duck Editorial Staff

Tags: Threat Modeling, Manage Security Risks

Apr 18, 2023/3 min read

Polaris integrations: Secure development at the speed of business

By Black Duck Editorial Staff

Tags: Agile, CI/CD, DevSecOps, Manage Security Risks

Apr 13, 2023/1 min read

AppSec Decoded: Creating a system model in threat modeling

By Black Duck Editorial Staff

Tags: Threat Modeling, Manage Security Risks

Apr 03, 2023/1 min read

AppSec Decoded: Scoping + data gathering in threat modeling

By Black Duck Editorial Staff

Tags: Threat Modeling, Manage Security Risks

Apr 03, 2023/4 min read

Polaris: Your no-compromise SaaS AST solution

By Black Duck Editorial Staff

Tags: Agile, CI/CD, DevSecOps, Manage Security Risks

Mar 15, 2023/7 min read

AppSec Decoded: Continuous AppSec testing in DevSecOps with Seeker IAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, IAST, DevSecOps

Mar 01, 2023/1 min read

AppSec Decoded: Managing your open source risks

By Black Duck Editorial Staff

Tags: SCA, Security News & Trends, Secure the Software Supply Chain

Feb 26, 2023/1 min read

AppSec Decoded: Takeaways from the 2022 “Software Vulnerability Snapshot” report

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends, Pen Testing, Manage Security Risks

Feb 08, 2023/3 min read

Spotlight on CRED: Benchmarking security with a BSIMM assessment

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks

Feb 06, 2023/1 min read

Tom Herrmann of the Synopsys Software Integrity Group recognized as 2023 CRN Channel Chief

By Black Duck Editorial Staff

Tags: Security News & Trends

Jan 30, 2023/1 min read

CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, CyRC

Jan 10, 2023/1 min read

AppSec Decoded: The research behind the 2022 “Software Vulnerability Snapshot”

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends, Pen Testing

Dec 08, 2022/3 min read

SBOM: What’s in your software ingredients list?

By Black Duck Editorial Staff

Tags: M&A, Secure the Software Supply Chain, OSS License Compliance

Nov 21, 2022/5 min read

Beyond NVD data: Using Black Duck Security Advisories for version accuracy

By Black Duck Editorial Staff

Tags: Security News & Trends, CyRC

Nov 08, 2022/11 min read

JavaScript security best practices for securing your applications

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Training

Nov 04, 2022/3 min read

Defensics adds gRPC support for distributed web and mobile application security testing

By Black Duck Editorial Staff

Tags: Fuzzing, Build Security into DevOps, Mobile, Web AppSec

Oct 28, 2022/4 min read

Avoid anaphylactic shock by auditing dependencies in software due diligence

By Black Duck Editorial Staff

Tags: M&A, OSS License Compliance

Oct 25, 2022/6 min read

New government directives and persistent threats reinforce urgency of securing software

By Black Duck Editorial Staff

Tags: Compliance, Public Sector

Oct 16, 2022/2 min read

Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Oct 13, 2022/3 min read

I have my Black Duck Audit reports; What’s next?

By Black Duck Editorial Staff

Tags: M&A, OSS License Compliance

Sep 23, 2022/3 min read

Commercial software licenses in software due diligence

By Black Duck Editorial Staff

Tags: M&A, OSS License Compliance

Sep 13, 2022/2 min read

CyRC Vulnerability Advisory: Denial-of-service vulnerabilities (CVE-2022-39063) in Open5GS

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, CyRC

Aug 29, 2022/1 min read

AppSec Decoded: Addressing NIST guidelines begins with understanding your risk profile

By Black Duck Editorial Staff

Tags: Public Sector

Aug 23, 2022/1 min read

AppSec Decoded: The NIST guidance on supply chain risk management

By Black Duck Editorial Staff

Tags: Secure the Software Supply Chain, Public Sector

Aug 10, 2022/1 min read

AppSec Decoded: An introduction to the Black Duck Cybersecurity Research Center

By Black Duck Editorial Staff

Tags: Security News & Trends, CyRC

Aug 09, 2022/5 min read

Synopsys and ESG report points to prevalence of software supply chain risks

By Black Duck Editorial Staff

Tags: SCA, Security News & Trends, Secure the Software Supply Chain, Cloud Security

Aug 03, 2022/1 min read

CyRC Vulnerability Advisory: Local privilege escalation in Kaspersky VPN

By Black Duck Editorial Staff

Tags: Security News & Trends, CyRC

Aug 01, 2022/6 min read

CyRC Vulnerability Analysis: Repo jacking in the software supply chain

By Black Duck Editorial Staff

Tags: CyRC

Jul 18, 2022/1 min read

AppSec Decoded: Application security orchestration and correlation

By Black Duck Editorial Staff

Tags: Build Security into DevOps, DevSecOps, Manage Security Risks, Orchestration & Correlation

Jul 13, 2022/1 min read

AppSec Decoded: Get the most out of your open source software

By Black Duck Editorial Staff

Tags: M&A, Secure the Software Supply Chain

Jun 26, 2022/6 min read

Celebrating one year of Rapid Scan Static

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks

Jun 09, 2022/1 min read

AppSec Decoded: Security at the speed of DevOps

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Manage Security Risks, Orchestration & Correlation

Jun 02, 2022/3 min read

Celebrating Pride 2022: Out in open source

By Black Duck Editorial Staff

Tags: Security News & Trends

May 22, 2022/1 min read

AppSec Decoded: Managing software supply chain risks

By Black Duck Editorial Staff

Tags: SCA, Secure the Software Supply Chain

May 12, 2022/3 min read

Two-factor authentication misconfiguration bypass

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Internet of Things

May 08, 2022/1 min read

Product Security Advisory: Reflected cross-site scripting in Black Duck Hub

By Black Duck Editorial Staff

Tags: Security News & Trends

Apr 05, 2022/1 min read

AppSec Decoded: Is an SBOM a silver bullet for software supply chain security?

By Black Duck Editorial Staff

Tags: SCA, Secure the Software Supply Chain, Compliance

Mar 31, 2022/4 min read

BYOD in the workforce: MDM and MAM with Microsoft Intune

By Black Duck Editorial Staff

Tags: Mobile, Manage Security Risks, Internet of Things

Mar 10, 2022/5 min read

Black Duck contributes to the Linux Foundation Census II of the most widely used open source application libraries

By Black Duck Editorial Staff

Tags: SCA

Mar 07, 2022/1 min read

#BreakTheBias: A conversation about tackling gender equality in the workforce

By Black Duck Editorial Staff

Tags: Security News & Trends

Feb 20, 2022/10 min read

Navigating the road ahead for automotive cybersecurity

By Black Duck Editorial Staff

Tags: Pen Testing, Threat Modeling, Manage Security Risks, Automotive

Feb 14, 2022/3 min read

Black History Month: Uplifting voices at Black Duck

By Black Duck Editorial Staff

Tags: Security News & Trends

Jan 31, 2022/1 min read

AppSec Decoded: Building security into DevSecOps

By Black Duck Editorial Staff

Tags: Build Security into DevOps, DevSecOps

Jan 23, 2022/3 min read

Scale and mature your AppSec program with a managed services partner

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Dec 20, 2021/1 min read

AppSec Decoded: A proactive approach to building trust in your software supply chain

By Black Duck Editorial Staff

Tags: Secure the Software Supply Chain, Compliance, Public Sector

Dec 10, 2021/5 min read

CyRC Vulnerability Analysis: Remote code execution zero-day exploit in Java logging library (log4j2)

By Black Duck Editorial Staff

Tags: SCA, CyRC

Dec 08, 2021/5 min read

Safety Detectives interview with Tim Mackey

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks

Nov 16, 2021/2 min read

Don’t let Trojan Source sneak into your code

By Black Duck Editorial Staff

Tags: SAST

Oct 28, 2021/1 min read

AppSec Decoded: Why Biden’s executive order should be on your radar

By Black Duck Editorial Staff

Tags: Security News & Trends, Public Sector

Oct 16, 2021/7 min read

Top 10 Spring Security best practices for Java developers

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Web AppSec

Sep 26, 2021/1 min read

AppSec Decoded: Cyber security measures for technology buyers and suppliers

By Black Duck Editorial Staff

Tags: Security News & Trends, Secure the Software Supply Chain, Public Sector

Sep 14, 2021/1 min read

A new approach to AppSec

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Manage Security Risks, Orchestration & Correlation

Sep 10, 2021/4 min read

Strengthen your cloud security posture with Azure Sentinel

By Black Duck Editorial Staff

Tags: Cloud Security, Manage Security Risks

Sep 08, 2021/5 min read

ASOC series part 2: How to scale AppSec with application security automation

By Black Duck Editorial Staff

Tags: DevSecOps, Manage Security Risks, Orchestration & Correlation

Sep 02, 2021/7 min read

ASOC series part 1: How application security orchestration and correlation can improve DevSecOps efficiency

By Black Duck Editorial Staff

Tags: DevSecOps, Manage Security Risks, Orchestration & Correlation

Aug 19, 2021/6 min read

Reflections on trusting plugins: Backdooring Jenkins builds

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Aug 08, 2021/5 min read

Keep infrastructure as code secure with Black Duck

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Aug 03, 2021/5 min read

How to run your CodeXM checker

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, SAST

Jul 28, 2021/1 min read

AppSec Decoded: New executive order changes dynamic of software security standards

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Compliance, Manage Security Risks, Public Sector

Jul 11, 2021/6 min read

Reduce open source software risks in your supply chain

By Black Duck Editorial Staff

Tags: Secure the Software Supply Chain

Jul 08, 2021/3 min read

Getting started with writing checkers using CodeXM

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Jun 17, 2021/1 min read

Reduce open source risk in M&A with software due diligence

By Black Duck Editorial Staff

Tags: M&A, SCA, OSS License Compliance

Jun 05, 2021/3 min read

Web application security testing at scale with Coverity SAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks

May 12, 2021/4 min read

Cybersecurity Executive Order requires new software security standards

By Black Duck Editorial Staff

Tags: Security News & Trends, Compliance, Public Sector

Apr 08, 2021/12 min read

Integrating fuzzing into DevSecOps

By Black Duck Editorial Staff

Tags: Fuzzing, Build Security into DevOps, DevSecOps

Mar 14, 2021/4 min read

Why should DevOps teams choose IAST?

By Black Duck Editorial Staff

Tags: Build Security into DevOps, IAST

Feb 08, 2021/3 min read

8 must-have features in an IAST solution

By Black Duck Editorial Staff

Tags: IAST, Manage Security Risks

Jan 31, 2021/1 min read

AppSec Decoded: Manufacturing more-secure IoT devices

By Black Duck Editorial Staff

Tags: Manage Security Risks, Internet of Things

Oct 20, 2020/1 min read

AppSec Decoded: The security dilemma of IoT devices

By Black Duck Editorial Staff

Tags: Manage Security Risks, Internet of Things

Aug 25, 2020/4 min read

Developing a COVID-19 track and trace app — through the lens of Black Duck

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps, Threat & Risk Assessment, Mobile, IAST, SAST, Public Sector

Jun 28, 2020/4 min read

Are you following the top 10 software security best practices?

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Manage Security Risks

Jun 16, 2020/3 min read

An introduction to installing Black Duck

By Black Duck Editorial Staff

Tags: SCA, Build Security into DevOps

Jun 11, 2020/11 min read

Authentication Token Obtain and Replace (ATOR) Burp plugin to handle complex login sequences

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Jun 03, 2020/2 min read

How to overcome the top 6 application security challenges

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

May 13, 2020/3 min read

Critical gap in developer security training puts applications at risk

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Training

May 05, 2020/4 min read

3 ways to boost your security with role-based security compliance training

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Compliance, AppSec Best Practices, Training

May 03, 2020/2 min read

3 long-term benefits of an application security training strategy

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training

Apr 27, 2020/15 min read

CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices

By Black Duck Editorial Staff

Tags: Security News & Trends, Compliance, CyRC

Apr 21, 2020/3 min read

The Complete Application Security Checklist

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Apr 13, 2020/1 min read

CyRC Vulnerability Advisory: CVE-2020-7958 biometric data disclosure vulnerability in OnePlus 7 Pro Android phone

By Black Duck Editorial Staff

Tags: Security News & Trends, Mobile, CyRC

Apr 07, 2020/3 min read

How 5G and IoT devices open up the attack surface on enterprises

By Black Duck Editorial Staff

Tags: Fuzzing, Manage Security Risks, Internet of Things

Mar 29, 2020/3 min read

3 ways to improve your software development skills

By Black Duck Editorial Staff

Tags: Security News & Trends, Training

Mar 10, 2020/3 min read

How does IAST fit into DevSecOps?

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, IAST, DevSecOps

Mar 03, 2020/5 min read

5G: Vast potential, but better security needed

By Black Duck Editorial Staff

Tags: Fuzzing, Mobile, Manage Security Risks, Internet of Things

Feb 12, 2020/11 min read

Top 10 FOSS legal developments in 2019

By Black Duck Editorial Staff

Tags: Security News & Trends, OSS License Compliance

Feb 03, 2020/3 min read

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

By Black Duck Editorial Staff

Tags: Security News & Trends, Container Security

Feb 03, 2020/4 min read

Mobile security app-titude best practices for secure app design and data privacy

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Mobile

Feb 02, 2020/5 min read

Ask the Experts: What’s most rewarding about your career in cyber security?

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Manage Security Risks

Jan 18, 2020/4 min read

Synopsys adds GitHub Action for SAST and SCA

By Black Duck Editorial Staff

Tags: SCA, Agile, CI/CD, Build Security into DevOps, SAST

Jan 08, 2020/1 min read

Synopsys acquires Tinfoil Security, DAST and API testing solutions provider

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends

Nov 19, 2019/3 min read

SAST vs. SCA: What’s the difference? Do I need both?

By Black Duck Editorial Staff

Tags: SCA, Build Security into DevOps, SAST

Nov 17, 2019/3 min read

Integrating Coverity Scan with GitLab CI

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, SAST

Oct 09, 2019/2 min read

CloudBees and Synopsys: Putting “Sec” into DevSecOps

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps

Sep 29, 2019/4 min read

Wormwood – An Explicit Way to Test Absinthe GraphQL APIs

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Sep 26, 2019/2 min read

Coverity release ties in well to the latest MITRE CWE Top 25

By Black Duck Editorial Staff

Tags: SCA, Security News & Trends, Compliance, SAST

Sep 19, 2019/4 min read

Q&A: Fuzz testing, agent instrumentation, and Defensics

By Black Duck Editorial Staff

Tags: Fuzzing, Build Security into DevOps

Aug 26, 2019/3 min read

What are the different types of security vulnerabilities?

By Black Duck Editorial Staff

Tags: Web AppSec, Manage Security Risks

Aug 13, 2019/2 min read

[Infographic] Financial cybersecurity by the numbers

By Black Duck Editorial Staff

Tags: Security News & Trends, Financial Services

Aug 11, 2019/6 min read

The license and security risks of using Node.js

By Black Duck Editorial Staff

Tags: Web AppSec, Manage Security Risks

Aug 04, 2019/5 min read

Ask the Experts: How can we prevent ransomware attacks?

By Black Duck Editorial Staff

Tags: Security News & Trends, Program Strategy & Planning, Training

Jul 15, 2019/2 min read

Top 3 cloud security trends for 2019

By Black Duck Editorial Staff

Tags: Security News & Trends, Cloud Security, Manage Security Risks

Jul 09, 2019/1 min read

Join Synopsys at codenomi-con and Black Hat USA 2019

By Black Duck Editorial Staff

Tags: Security News & Trends

Jun 18, 2019/7 min read

Web AppSec interview questions every company should ask

By Black Duck Editorial Staff

Tags: Security News & Trends, Web AppSec, Manage Security Risks

Jun 10, 2019/8 min read

Ask the Experts: Should the US have a data privacy law similar to GDPR?

By Black Duck Editorial Staff

Tags: Compliance, Manage Security Risks, Public Sector

May 24, 2019/3 min read

How are code quality and code security related?

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Internet of Things

May 08, 2019/1 min read

Announcing Code Sight 2019.4

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, SAST

May 06, 2019/4 min read

Synopsys and Red Hat OpenShift 4: One smooth Operator!

By Black Duck Editorial Staff

Tags: Container Security

Apr 18, 2019/2 min read

Are you making these software standards compliance mistakes?

By Black Duck Editorial Staff

Tags: Compliance, Manage Security Risks

Apr 09, 2019/4 min read

Complex but helpful: Negotiating FDA guidance to build a cybersecurity program

By Black Duck Editorial Staff

Tags: Security News & Trends, Healthcare

Feb 05, 2019/2 min read

Container scanning for security with Black Duck OpsSight 2.2

By Black Duck Editorial Staff

Tags: Container Security

Jan 30, 2019/2 min read

How to “shift left” with application security tools, and how not to

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps

Jan 29, 2019/7 min read

Why dependencies matter for SAST

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training, SAST

Jan 29, 2019/3 min read

Server-side GraphQL Querying with Elixir Absinthe

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends

Jan 15, 2019/4 min read

Top 10 software vulnerability list for 2019

By Black Duck Editorial Staff

Tags: Security News & Trends, Mobile, Web AppSec

Nov 19, 2018/2 min read

Should I include CSRF protection on a login form?

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Nov 13, 2018/1 min read

Today I Learned: Using SCSS in your Vue Components

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Nov 06, 2018/2 min read

Shared responsibility model: Who owns cloud security?

By Black Duck Editorial Staff

Tags: Cloud Security, Manage Security Risks

Oct 11, 2018/2 min read

Automation: One of the keys to DevSecOps

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Program Strategy & Planning, DevSecOps, Manage Security Risks

Sep 22, 2018/4 min read

Tineola: Taking a bite out of enterprise blockchain

By Black Duck Editorial Staff

Tags: Security News & Trends

Sep 14, 2018/6 min read

Let’s write more CodeXM checkers (second-stage ignition)

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Sep 12, 2018/3 min read

The IoT within us: Network-connected medical devices

By Black Duck Editorial Staff

Tags: Security News & Trends, Medical Devices, Healthcare, Internet of Things

Sep 11, 2018/1 min read

What’s so special about zero-day vulnerabilities?

By Black Duck Editorial Staff

Tags: Security News & Trends

Sep 05, 2018/2 min read

A Quick Guide to the Complex: Ecto.Multi

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Aug 26, 2018/3 min read

Securing applications with Coverity’s static analysis results

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Security News & Trends, SAST

Aug 19, 2018/2 min read

Integrating Coverity static analysis into development workflows

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Build Security into DevOps, SAST

Aug 01, 2018/3 min read

Slim Docker Images for Rails

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Jul 20, 2018/4 min read

Remediating XSS: Does a single fix work?

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks

Jul 14, 2018/2 min read

How RASP complements application security testing to minimize risk

By Black Duck Editorial Staff

Tags: IAST, Web AppSec, Manage Security Risks

Jun 14, 2018/3 min read

The what, why, and who of runtime application self-protection (RASP)

By Black Duck Editorial Staff

Tags: Web AppSec, Manage Security Risks

Jun 06, 2018/2 min read

5 DevSecOps essentials and how to achieve them

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Security News & Trends, DevSecOps

May 25, 2018/3 min read

How does the TeenSafe data leak present a classic false sense of security?

By Black Duck Editorial Staff

Tags: Security News & Trends, Cloud Security

Mar 21, 2018/8 min read

Detecting Spectre vulnerability exploits with static analysis

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Feb 26, 2018/

Subscribe to stay on top of the latest in software security

By Black Duck Editorial Staff

Tags:

Jan 30, 2018/5 min read

Migrating to Docker on Black Duck

By Black Duck Editorial Staff

Tags: SCA, Build Security into DevOps, Container Security

Jan 19, 2018/1 min read

Is shadow engineering developing your applications?

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Security News & Trends

Jan 18, 2018/6 min read

The Data Protection Directive versus the GDPR: Understanding key changes

By Black Duck Editorial Staff

Tags: Security News & Trends, Compliance

Jan 09, 2018/1 min read

Manage security risk in GitHub open source projects with CoPilot

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Security News & Trends

Jan 02, 2018/3 min read

Is breach of the GPL license breach of contract?

By Black Duck Editorial Staff

Tags: OSS License Compliance

Dec 06, 2017/1 min read

PayPal uncovers TIO Networks data breach affecting 1.6 million users

By Black Duck Editorial Staff

Tags: Security News & Trends

Nov 29, 2017/4 min read

Navigating responsible vulnerability disclosure best practices

By Black Duck Editorial Staff

Tags: Fuzzing, AppSec Best Practices, Manage Security Risks

Nov 01, 2017/4 min read

How to proactively protect IoT devices from DDoS attacks

By Black Duck Editorial Staff

Tags: Security News & Trends

Oct 17, 2017/5 min read

ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards

By Black Duck Editorial Staff

Tags: Security News & Trends

Oct 14, 2017/3 min read

What is cloud-native container security?

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Security News & Trends, Cloud Security

Oct 12, 2017/1 min read

Black Duck and Google Grafeas: Improving container visibility and security

By Black Duck Editorial Staff

Tags: SCA, Agile, CI/CD, Container Security

Sep 29, 2017/5 min read

How to implement security measures without negatively affecting software quality

By Black Duck Editorial Staff

Tags: Security News & Trends

Sep 21, 2017/3 min read

Why do companies need a software security program?

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Sep 13, 2017/3 min read

So Apache broke up with Facebook. How does that affect you?

By Black Duck Editorial Staff

Tags: M&A, Security News & Trends, OSS License Compliance

Sep 12, 2017/3 min read

What you need to know about BlueBorne Bluetooth flaws

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, SAST, Internet of Things

Sep 10, 2017/3 min read

Black Duck finds 3 Linux kernel vulnerabilities

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends

Sep 05, 2017/2 min read

“Easy” to hack Apache Struts vulnerability CVE-2017-9805

By Black Duck Editorial Staff

Tags: Security News & Trends

Sep 05, 2017/6 min read

A journey through the secure software development life cycle phases

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Aug 28, 2017/4 min read

DEF CON 25 exposes voting system vulnerabilities

By Black Duck Editorial Staff

Tags: Security News & Trends, Public Sector

Aug 22, 2017/1 min read

Hub Detect: Comprehensive open source scanning

By Black Duck Editorial Staff

Tags: Security News & Trends

Aug 15, 2017/3 min read

Scan nirvana: Hub Detect for all native build and CI tools

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Jul 07, 2017/3 min read

Is threat modeling compatible with Agile and DevSecOps?

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Threat Modeling, Manage Security Risks

Jun 21, 2017/2 min read

3 permissive licenses and why they deserve a little respect

By Black Duck Editorial Staff

Tags: M&A, OSS License Compliance

May 29, 2017/2 min read

4 key differences moving from Java to .NET Core

By Black Duck Editorial Staff

Tags: Security News & Trends

May 24, 2017/2 min read

When should threat modeling take place in the SDLC?

By Black Duck Editorial Staff

Tags: Threat Modeling, Manage Security Risks

May 16, 2017/2 min read

Node.js: Preventing common vulnerabilities in the MEAN stack

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Manage Security Risks

May 08, 2017/5 min read

AngularJS: Preventing common vulnerabilities in the MEAN stack

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec

May 07, 2017/3 min read

DoublePulsar continues to expose older Windows boxes: What you need to know

By Black Duck Editorial Staff

Tags: Security News & Trends

May 07, 2017/2 min read

.NET component vulnerability analysis in production

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Security News & Trends

May 01, 2017/3 min read

Heartbleed: OpenSSL vulnerability lives on

By Black Duck Editorial Staff

Tags: Security News & Trends

Apr 27, 2017/3 min read

What are the signs your web application has been hacked?

By Black Duck Editorial Staff

Tags: Security News & Trends

Apr 20, 2017/2 min read

ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 1)

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 18, 2017/4 min read

How to mitigate third-party security risks

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks

Apr 13, 2017/5 min read

MongoDB: Preventing common vulnerabilities in the MEAN stack

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec

Apr 04, 2017/7 min read

Attributes of secure web application architecture

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec, Manage Security Risks

Mar 26, 2017/4 min read

Does software quality equal software security? It depends

By Black Duck Editorial Staff

Tags: SCA, Fuzzing, Compliance, Manage Security Risks

Mar 22, 2017/6 min read

Swift: Close to greatness in programming language design, Part 2

By Black Duck Editorial Staff

Tags: Build Security into DevOps, SAST

Mar 21, 2017/3 min read

Vulnerability management and triage in 3 steps

By Black Duck Editorial Staff

Tags: AppSec Best Practices, Manage Security Risks

Mar 18, 2017/2 min read

CVE-2017-2636 strikes Linux kernel with double free vulnerability

By Black Duck Editorial Staff

Tags: Security News & Trends

Mar 01, 2017/2 min read

Howard Schmidt, the United States’ first Cybersecurity Czar, has died

By Black Duck Editorial Staff

Tags: Security News & Trends, Public Sector

Feb 27, 2017/4 min read

Responsible disclosure on a timetable

By Black Duck Editorial Staff

Tags: Security News & Trends, Healthcare

Feb 23, 2017/11 min read

AngularJS security series part 1: Angular $http service

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Training

Feb 22, 2017/3 min read

Cloudbleed, like Heartbleed, may affect millions

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, Cloud Security, Manage Security Risks

Feb 16, 2017/2 min read

Examining vulnerability criticality when risk ranking vulnerabilities

By Black Duck Editorial Staff

Tags: Manage Security Risks

Jan 31, 2017/3 min read

An overview of open standards for IoT communication protocols

By Black Duck Editorial Staff

Tags: Compliance, Internet of Things

Jan 23, 2017/2 min read

3 things to consider when risk ranking your applications

By Black Duck Editorial Staff

Tags: Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Dec 08, 2016/3 min read

The fly in the ointment of the JSON license

By Black Duck Editorial Staff

Tags: OSS License Compliance

Nov 28, 2016/4 min read

5 reasons to use third-party authentication instead of creating your own

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Compliance, SAST

Nov 28, 2016/3 min read

Here are the top 10 best practices for securing Android apps

By Black Duck Editorial Staff

Tags: AppSec Best Practices, Mobile, Training, Manage Security Risks

Nov 21, 2016/4 min read

Hearts and minds: Culture management vs. human resources

By Black Duck Editorial Staff

Tags: Security News & Trends

Nov 14, 2016/1 min read

Set up a software security group in 5 steps

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Nov 12, 2016/7 min read

How to respond to application security incidents

By Black Duck Editorial Staff

Tags: Manage Security Risks

Nov 08, 2016/5 min read

Abuse cases: How to think like a hacker

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Nov 06, 2016/5 min read

OSS warranties and indemnities in technology transactions

By Black Duck Editorial Staff

Tags: M&A, OSS License Compliance

Nov 05, 2016/2 min read

Synopsys expands security signoff solution with Cigital and Codiscope acquisition

By Black Duck Editorial Staff

Tags: Security News & Trends, Manage Security Risks

Oct 24, 2016/3 min read

Dyn DDoS attack: IoT vulnerabilities

By Black Duck Editorial Staff

Tags: Security News & Trends, Internet of Things

Oct 21, 2016/2 min read

The pursuit of Hapi-ness: 5 must-have Hapi security plugins

By Black Duck Editorial Staff

Tags: Security News & Trends

Oct 19, 2016/4 min read

Brace yourselves: Application transport security is coming

By Black Duck Editorial Staff

Tags: Security News & Trends, Mobile

Oct 19, 2016/3 min read

Vulnerability management: Designing severity risk ranking systems

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends

Oct 14, 2016/3 min read

Open source security management: A question of when, not whether

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends, SAST

Oct 12, 2016/5 min read

Why isn’t cyber security taught in schools?

By Black Duck Editorial Staff

Tags: Security News & Trends, Training

Oct 05, 2016/4 min read

Guide to open source licenses

By Black Duck Editorial Staff

Tags: M&A, OSS License Compliance

Sep 26, 2016/2 min read

Identifying and resolving software vulnerabilities: A balancing act

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Sep 24, 2016/1 min read

AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices

By Black Duck Editorial Staff

Tags: Security News & Trends, Compliance, Medical Devices

Sep 21, 2016/2 min read

Why there are at least 6,000 vulnerabilities without CVE-IDs

By Black Duck Editorial Staff

Tags: Security News & Trends

Sep 19, 2016/6 min read

AGPL: Out of the shadows

By Black Duck Editorial Staff

Tags: M&A, Security News & Trends, OSS License Compliance

Sep 15, 2016/1 min read

Software testing included in final ISA / IEC 62443-4-1

By Black Duck Editorial Staff

Tags: Security News & Trends, Compliance

Sep 07, 2016/2 min read

The Complete Security Vulnerability Assessment Checklist

By Black Duck Editorial Staff

Tags: Threat & Risk Assessment, Web AppSec, Manage Security Risks

Aug 31, 2016/3 min read

Recognizing Another Type of Threat: Non-targeted Attacks

By Black Duck Editorial Staff

Tags: Manage Security Risks

Aug 24, 2016/3 min read

4 ineffective security controls that leave you with a false sense of security

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training

Aug 24, 2016/2 min read

Pseudorandom number generation means pseudosecurity

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Training

Aug 17, 2016/6 min read

4 principles of secure software design

By Black Duck Editorial Staff

Tags: Security News & Trends

Aug 08, 2016/3 min read

Avoiding false positives in application security through customization

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks

Jul 18, 2016/2 min read

Web application security threats and countermeasures

By Black Duck Editorial Staff

Tags: Web AppSec, Manage Security Risks

Jul 12, 2016/3 min read

The 5 pillars of a successful threat model

By Black Duck Editorial Staff

Tags: Threat Modeling, Manage Security Risks

Jun 13, 2016/5 min read

How to mitigate the Java deserialization vulnerability in JBoss application servers

By Black Duck Editorial Staff

Tags: Security News & Trends, AppSec Best Practices

Jun 13, 2016/8 min read

Rocket.Chat: Enabling privately hosted chat services

By Black Duck Editorial Staff

Tags: Security News & Trends

Jun 01, 2016/3 min read

4 threat modeling questions to ask before your next Agile sprint

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Threat Modeling, Manage Security Risks

May 24, 2016/1 min read

For want of a CVE: MITRE’s ongoing CVE backlog

By Black Duck Editorial Staff

Tags: Security News & Trends

May 14, 2016/5 min read

Best practices for free and open source software vulnerability management

By Black Duck Editorial Staff

Tags: Agile, CI/CD, AppSec Best Practices

May 05, 2016/4 min read

Are SaaS companies immune to open source risk?

By Black Duck Editorial Staff

Tags: OSS License Compliance

Apr 28, 2016/3 min read

Man in the middle: When Bob met Alice, and Eve heard everything

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks

Apr 27, 2016/2 min read

The open perimeter: Is your internal network protected?

By Black Duck Editorial Staff

Tags: Security News & Trends, Internet of Things

Apr 12, 2016/7 min read

TLS 1.3 and the future of cryptographic protocols

By Black Duck Editorial Staff

Tags: Security News & Trends

Apr 11, 2016/1 min read

Black Duck discovers CVE-2015-5370 in Samba’s DCE/RPC protocol implementation

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, CyRC

Apr 04, 2016/2 min read

How to avoid the top 10 software security flaws

By Black Duck Editorial Staff

Tags: Security News & Trends

Mar 15, 2016/3 min read

How to do static analysis testing in 6 easy steps

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, SAST, Manage Security Risks

Mar 12, 2016/2 min read

Web application security basics: 3 tips to get started

By Black Duck Editorial Staff

Tags: Security News & Trends

Mar 09, 2016/3 min read

What’s the difference? OAuth 1.0 vs OAuth 2.0

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Training

Mar 08, 2016/9 min read

An examination of ineffective certificate pinning implementations

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile

Feb 22, 2016/3 min read

Security risks in mergers and acquisitions

By Black Duck Editorial Staff

Tags: M&A, Manage Security Risks, OSS License Compliance

Feb 04, 2016/2 min read

Do you believe the 7 myths of software security?

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Jan 24, 2016/4 min read

3 security risks that architecture analysis can resolve

By Black Duck Editorial Staff

Tags: Security News & Trends, Threat & Risk Assessment

Jan 18, 2016/4 min read

Pen testing best practices to take the pain out of penetration testing

By Black Duck Editorial Staff

Tags: Build Security into DevOps, AppSec Best Practices, Web AppSec

Jan 14, 2016/2 min read

5 essentials of cloud-based application security testing

By Black Duck Editorial Staff

Tags: Agile, CI/CD, Cloud Security, Manage Security Risks

Dec 21, 2015/4 min read

How to mitigate your third-party mobile keyboard risk

By Black Duck Editorial Staff

Tags: Security News & Trends, Mobile

Dec 10, 2015/2 min read

What Is Cross-Site Request Forgery?

By Black Duck Editorial Staff

Tags: Security News & Trends

Dec 09, 2015/2 min read

What are cryptographic hash functions?

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Manage Security Risks

Dec 05, 2015/3 min read

3 ways abuse cases can drive security requirements

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Oct 22, 2015/5 min read

Software security myth #3: Penetration testing solves everything

By Black Duck Editorial Staff

Tags: Security News & Trends, AppSec Best Practices, Pen Testing, Manage Security Risks

Oct 09, 2015/5 min read

Using the SafetyNet API

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile

Oct 07, 2015/4 min read

3 fundamentals of a software security initiative

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Sep 27, 2015/4 min read

Adding security steps to your agile development process

By Black Duck Editorial Staff

Tags: Security News & Trends

Sep 22, 2015/4 min read

Agile and application security: A promising pair

By Black Duck Editorial Staff

Tags: Security News & Trends

Aug 14, 2015/3 min read

The cathedral and the bazaar of software security vulnerabilities

By Black Duck Editorial Staff

Tags: Security News & Trends

Aug 04, 2015/5 min read

Software is everywhere

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends

Aug 03, 2015/5 min read

Integrating Touch ID into your iOS applications

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile

Jul 27, 2015/3 min read

3 reasons software security governance is essential to your business

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Manage Security Risks

Jul 26, 2015/2 min read

How to build a red teaming playbook

By Black Duck Editorial Staff

Tags: Threat & Risk Assessment, Manage Security Risks

Jun 18, 2015/3 min read

Samsung Galaxy phone hack: Making sense of the “Samsung” RCE vulnerability

By Black Duck Editorial Staff

Tags: Security News & Trends

Jun 18, 2015/2 min read

4 application security skills every expert ought to have

By Black Duck Editorial Staff

Tags: Security News & Trends, Web AppSec, Training

Apr 07, 2015/4 min read

How mapping the Ocean’s Eleven heist can make you better at application security testing

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Mar 30, 2015/3 min read

Is conventional penetration testing enough to secure e-commerce applications?

By Black Duck Editorial Staff

Tags: Pen Testing, Web AppSec, Manage Security Risks

Mar 22, 2015/4 min read

The 3 laws of robots.txt

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec

Mar 15, 2015/3 min read

XML External Entity Injection

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends

Feb 04, 2015/1 min read

Build software security in. Don’t rely on a tower defense strategy.

By Black Duck Editorial Staff

Tags: Security News & Trends

Feb 01, 2015/5 min read

The role of randomness in online gambling

By Black Duck Editorial Staff

Tags: Security News & Trends

Dec 13, 2014/8 min read

How to fix cross-site scripting: A developer’s guide

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps

Nov 03, 2014/9 min read

Understanding Python bytecode

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Web AppSec, Manage Security Risks

Aug 14, 2014/3 min read

How To Fix POODLE (And Why You’re Probably Still Vulnerable)

By Black Duck Editorial Staff

Tags: DAST, Security News & Trends

Jul 29, 2014/4 min read

Multi-Stack Integration Tests with CircleCI

By Black Duck Editorial Staff

Tags: Security News & Trends

May 19, 2014/4 min read

Cordova InAppBrowser remote privilege escalation

By Black Duck Editorial Staff

Tags: Security News & Trends

Apr 24, 2014/3 min read

Understanding fragment injection

By Black Duck Editorial Staff

Tags: Build Security into DevOps, Mobile, Web AppSec

Apr 13, 2014/4 min read

On detecting Heartbleed with static analysis

By Black Duck Editorial Staff

Tags: Security News & Trends, Build Security into DevOps, SAST

Apr 07, 2014/6 min read

Heartbleed vulnerability: What should you do?

By Black Duck Editorial Staff

Tags: Fuzzing, Security News & Trends, Build Security into DevOps

Jan 15, 2014/3 min read

SecureRandom implementation (sun.security.provider.SecureRandom – SHA1PRNG)

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Jan 05, 2014/2 min read

Issues to be aware of when using Java's SecureRandom

By Black Duck Editorial Staff

Tags: Build Security into DevOps

Oct 29, 2013/2 min read

Remote code execution in Apache Roller via OGNL injection

By Black Duck Editorial Staff

Tags: Security News & Trends

Oct 15, 2013/3 min read

2 path traversal defects in Oracle's JSF2 implementation

By Black Duck Editorial Staff

Tags: Security News & Trends

Jul 09, 2013/6 min read

Stop Paying For SSL Certificates You Don’t Need

By Black Duck Editorial Staff

Tags: Security News & Trends

Jun 27, 2013/5 min read

Cross-Browser Development Tips: Part 1 - CSS

By Black Duck Editorial Staff

Tags: Security News & Trends

Mar 07, 2013/4 min read

Ruby Demystified: and vs. &&

By Black Duck Editorial Staff

Tags: DAST, Build Security into DevOps

Jan 24, 2013/4 min read

Who’s afraid of GPL3?

By Black Duck Editorial Staff

Tags: Manage Security Risks

Oct 31, 2010/2 min read

Secure URL redirection remediation

By Black Duck Editorial Staff

Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec

Aug 09, 2007/1 min read

Mitigate XSS: Why input validation is bogus

By Black Duck Editorial Staff

Tags: Security News & Trends

Mar 14, 2007/1 min read

Busting the SQL stored procedure myth

By Black Duck Editorial Staff

Tags: Security News & Trends