The Synopsys Software Integrity Group is now Black Duck®. Learn More

close search bar

Sorry, not available in this language yet

close language selection
  • English
  • 日本語

[NEW] A pragmatic guide to getting started with ASPM

By Rod Musser

Read more

[NEW] Is AI-generated code secure? Maybe. Maybe not.

By Patrick Carey

Read more
Is AI-generated code secure? Maybe. Maybe not.

The changing face of software supply chain security risk

By Fred Bals

Read more

Software and Application Security Blog

Most recent

A new identity for the Synopsys Software Integrity Group

A new identity for the Synopsys Software Integrity Group

Jason Schmitt
By Jason Schmitt

Aug 12, 2024 / 2 min read

Tags: Security News & Trends
CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service

CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service

Mohammed Alshehri
By Mohammed Alshehri

Jun 04, 2024 / 1 min read

Tags: Security News & Trends, CyRC
CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

Mohammed Alshehri
By Mohammed Alshehri

May 27, 2024 / 1 min read

Tags: Security News & Trends, CyRC
Clearlake Capital Group and Francisco Partners reach agreement to purchase the Software Integrity Group

Clearlake Capital Group and Francisco Partners reach agreement to purchase the Software Integrity Group

Jason Schmitt
By Jason Schmitt

May 08, 2024 / 1 min read

Tags: Security News & Trends
Accelerate application code fixes with AI-powered Polaris Assist

Accelerate application code fixes with AI-powered Polaris Assist

Corey Hamilton
By Corey Hamilton

Apr 29, 2024 / 3 min read

Tags: Artificial Intelligence, Security News & Trends, Build Security into DevOps
Top 10 free pen tester tools

Top 10 free pen tester tools

Natalie Lightner
By Natalie Lightner

Apr 11, 2024 / 5 min read

Tags: Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks
Introducing fAST Dynamic: Streamlining dynamic application security testing

Introducing fAST Dynamic: Streamlining dynamic application security testing

Vishrut Iyengar
By Vishrut Iyengar

Mar 19, 2024 / 3 min read

Tags: DAST, Security News & Trends, Build Security into DevOps
CVE-2017-5638: The Apache Struts vulnerability explained

CVE-2017-5638: The Apache Struts vulnerability explained

Fred Bals
By Fred Bals

Mar 16, 2024 / 3 min read

Tags: Security News & Trends, Secure the Software Supply Chain
2024 OSSRA Report: Outdated code risk in open source components

2024 OSSRA Report: Outdated code risk in open source components

Fred Bals
By Fred Bals

Mar 06, 2024 / 4 min read

Tags: Security News & Trends, Secure the Software Supply Chain, Manage Security Risks

Manage Security Risks

See all manage security risks posts

A pragmatic guide to getting started with ASPM

A pragmatic guide to getting started with ASPM

Rod Musser
By Rod Musser

Jul 09, 2024 / 3 min read

Tags: Manage Security Risks, Orchestration & Correlation
SSDF BSIMM mapping updated for BSIMM14

SSDF BSIMM mapping updated for BSIMM14

Mike Lyman
By Mike Lyman

Jun 18, 2024 / 8 min read

Tags: Program Strategy & Planning, Compliance, Manage Security Risks
Solving telecom network security challenges with Defensics

Solving telecom network security challenges with Defensics

AP
By Andy Pan

Apr 15, 2024 / 3 min read

Tags: Mobile, Manage Security Risks
Top 10 free pen tester tools

Top 10 free pen tester tools

Natalie Lightner
By Natalie Lightner

Apr 11, 2024 / 5 min read

Tags: Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks
Managing risk at scale

Managing risk at scale

Charlotte Freeman
By Charlotte Freeman

Apr 08, 2024 / 2 min read

Tags: Manage Security Risks
SANS report: Securing the shifting landscape of application development

SANS report: Securing the shifting landscape of application development

Charlotte Freeman
By Charlotte Freeman

Apr 03, 2024 / 2 min read

Tags: Manage Security Risks
Guide to updating from NIST CSF 1.1 to 2.0

Guide to updating from NIST CSF 1.1 to 2.0

John Waller
By John Waller

Mar 29, 2024 / 7 min read

Tags: Cloud Security, Manage Security Risks
4 approaches to vulnerability remediation

4 approaches to vulnerability remediation

Natalie Lightner
By Natalie Lightner

Mar 27, 2024 / 4 min read

Tags: SCA, Build Security into DevOps, Training, Manage Security Risks
2024 OSSRA report: Open source license compliance remains problematic

2024 OSSRA report: Open source license compliance remains problematic

Fred Bals
By Fred Bals

Mar 19, 2024 / 4 min read

Tags: Artificial Intelligence, Manage Security Risks, OSS License Compliance

See all posts

Build Security into DevOps

See all build security into DevOps posts

Why penetration testing needs to be part of your IoT security

Why penetration testing needs to be part of your IoT security

Debrup Ghosh
By Debrup Ghosh

Jul 16, 2024 / 4 min read

Tags: Build Security into DevOps, Pen Testing
Accelerate application code fixes with AI-powered Polaris Assist

Accelerate application code fixes with AI-powered Polaris Assist

Corey Hamilton
By Corey Hamilton

Apr 29, 2024 / 3 min read

Tags: Artificial Intelligence, Security News & Trends, Build Security into DevOps
Understanding Python pickling and how to use it securely

Understanding Python pickling and how to use it securely

Ashutosh Agrawal
By Ashutosh Agrawal

Apr 17, 2024 / 3 min read

Tags: Build Security into DevOps, Training
How to detect, prevent, and mitigate buffer overflow attacks

How to detect, prevent, and mitigate buffer overflow attacks

Natalie Lightner
By Natalie Lightner

Mar 31, 2024 / 8 min read

Tags: Build Security into DevOps, SAST
4 approaches to vulnerability remediation

4 approaches to vulnerability remediation

Natalie Lightner
By Natalie Lightner

Mar 27, 2024 / 4 min read

Tags: SCA, Build Security into DevOps, Training, Manage Security Risks
Top 4 software development methodologies

Top 4 software development methodologies

Mike McGuire
By Mike McGuire

Mar 24, 2024 / 5 min read

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps
Introducing fAST Dynamic: Streamlining dynamic application security testing

Introducing fAST Dynamic: Streamlining dynamic application security testing

Vishrut Iyengar
By Vishrut Iyengar

Mar 19, 2024 / 3 min read

Tags: DAST, Security News & Trends, Build Security into DevOps
Six Python security best practices for developers

Six Python security best practices for developers

Boris Cipot
By Boris Cipot

Mar 18, 2024 / 8 min read

Tags: Build Security into DevOps, AppSec Best Practices, Training
SAST vs. DAST: What’s the best method for application security testing?

SAST vs. DAST: What’s the best method for application security testing?

Apoorva Phadke
By Apoorva Phadke

Mar 18, 2024 / 3 min read

Tags: DAST, Build Security into DevOps, Web AppSec, SAST

See all posts

Secure the Software Supply Chain

See all secure the software supply chain posts

Once and future code snippets: How AI reignites risk

Once and future code snippets: How AI reignites risk

Phil Odence
By Phil Odence

Jul 24, 2024 / 3 min read

Tags: M&A, SCA, Secure the Software Supply Chain
Is AI-generated code secure? Maybe. Maybe not.

Is AI-generated code secure? Maybe. Maybe not.

Patrick Carey
By Patrick Carey

Jun 12, 2024 / 4 min read

Tags: Artificial Intelligence, Secure the Software Supply Chain, Software Supply Chain Security, Securing the Software Supply Chain
The changing face of software supply chain security risk

The changing face of software supply chain security risk

Fred Bals
By Fred Bals

May 16, 2024 / 3 min read

Tags: SCA, Secure the Software Supply Chain
Building a software Bill of Materials with Black Duck

Building a software Bill of Materials with Black Duck

Mike McGuire
By Mike McGuire

Apr 20, 2024 / 5 min read

Tags: SCA, Secure the Software Supply Chain, Compliance
Securing the software supply chain with Black Duck Supply Chain Edition

Securing the software supply chain with Black Duck Supply Chain Edition

Mike McGuire
By Mike McGuire

Apr 09, 2024 / 4 min read

Tags: SCA, Secure the Software Supply Chain
What is the Xz Utils Backdoor : Everything you need to know about the supply chain attack

What is the Xz Utils Backdoor : Everything you need to know about the supply chain attack

Fred Bals
By Fred Bals

Apr 08, 2024 / 5 min read

Tags: Secure the Software Supply Chain

See all posts

Security News & Trends

See all security news & trends posts

A new identity for the Synopsys Software Integrity Group

A new identity for the Synopsys Software Integrity Group

Jason Schmitt
By Jason Schmitt

Aug 12, 2024 / 2 min read

Tags: Security News & Trends
CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service

CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service

Mohammed Alshehri
By Mohammed Alshehri

Jun 04, 2024 / 1 min read

Tags: Security News & Trends, CyRC
CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

Mohammed Alshehri
By Mohammed Alshehri

May 27, 2024 / 1 min read

Tags: Security News & Trends, CyRC
Clearlake Capital Group and Francisco Partners reach agreement to purchase the Software Integrity Group

Clearlake Capital Group and Francisco Partners reach agreement to purchase the Software Integrity Group

Jason Schmitt
By Jason Schmitt

May 08, 2024 / 1 min read

Tags: Security News & Trends
Accelerate application code fixes with AI-powered Polaris Assist

Accelerate application code fixes with AI-powered Polaris Assist

Corey Hamilton
By Corey Hamilton

Apr 29, 2024 / 3 min read

Tags: Artificial Intelligence, Security News & Trends, Build Security into DevOps
Top 10 free pen tester tools

Top 10 free pen tester tools

Natalie Lightner
By Natalie Lightner

Apr 11, 2024 / 5 min read

Tags: Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks
Introducing fAST Dynamic: Streamlining dynamic application security testing

Introducing fAST Dynamic: Streamlining dynamic application security testing

Vishrut Iyengar
By Vishrut Iyengar

Mar 19, 2024 / 3 min read

Tags: DAST, Security News & Trends, Build Security into DevOps
CVE-2017-5638: The Apache Struts vulnerability explained

CVE-2017-5638: The Apache Struts vulnerability explained

Fred Bals
By Fred Bals

Mar 16, 2024 / 3 min read

Tags: Security News & Trends, Secure the Software Supply Chain
2024 OSSRA Report: Outdated code risk in open source components

2024 OSSRA Report: Outdated code risk in open source components

Fred Bals
By Fred Bals

Mar 06, 2024 / 4 min read

Tags: Security News & Trends, Secure the Software Supply Chain, Manage Security Risks

See all blog posts

Explore Topics

Agile, CI/CD
AppSec Best Practices
Artificial Intelligence
Automotive
Build Security into DevOps
Cloud Security
Compliance
Container Security
CyRC
DevSecOps
DAST
Financial Services
Fuzzing
Healthcare
IAST
Internet of Things
M&A
Manage Security Risks
Medical Devices
Mobile
Orchestration & Correlation
OSS License Compliance
Pen Testing
Program Strategy & Planning
Public Sector
SAST
SCA
Secure the Software Supply Chain
Security News & Trends
Threat Modeling
Threat & Risk Assessment
Training
Web Application Security
©2024 Black Duck Software, Inc. All Rights Reserved