Aug 31, 2023/ SANS 2023 DevSecOps Survey By Black Duck Editorial Staff Tags: Security News & Trends, DevSecOps
Aug 22, 2023/4 min read Building Security In Podcast: New strategies for managing risk By Black Duck Editorial Staff Tags: DevSecOps
Aug 16, 2023/6 min read Solving cross-platform DevSecOps challenges with Black Duck By Black Duck Editorial Staff Tags: DevSecOps
Aug 15, 2023/1 min read CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon By Black Duck Editorial Staff Tags: CyRC
Jul 16, 2023/1 min read Building Security In Podcast: Machine Learning + AI By Black Duck Editorial Staff Tags: Artificial Intelligence, DevSecOps
Jun 25, 2023/1 min read Podcast: The current state of DevOps By Black Duck Editorial Staff Tags: Security News & Trends, Program Strategy & Planning, AppSec Best Practices, DevSecOps
Jun 08, 2023/1 min read AppSec Decoded: Ease of use with Polaris By Black Duck Editorial Staff Tags: Agile, CI/CD, DevSecOps
May 31, 2023/6 min read An Enterprise Guide: Periodic Cloud Security Risk Assessments By Black Duck Editorial Staff Tags: Cloud Security
May 31, 2023/1 min read Synopsys named in 2023 Fortress Cyber Security Awards By Black Duck Editorial Staff Tags: Security News & Trends
May 24, 2023/1 min read AppSec Decoded: Easy to scale with Polaris By Black Duck Editorial Staff Tags: Build Security into DevOps, DevSecOps
May 17, 2023/2 min read Eliminate malicious code in your software supply chain By Black Duck Editorial Staff Tags: Secure the Software Supply Chain
May 14, 2023/1 min read AppSec Decoded: Easy deployment with Polaris By Black Duck Editorial Staff Tags: DevSecOps, Manage Security Risks
May 08, 2023/1 min read CRN’s 2023 Women of the Channel Awards list By Black Duck Editorial Staff Tags: Security News & Trends
Apr 25, 2023/1 min read AppSec Decoded: Evaluating threats with threat modeling risk analysis By Black Duck Editorial Staff Tags: Threat Modeling, Manage Security Risks
Apr 20, 2023/1 min read AppSec Decoded: Creating an attack model in threat modeling By Black Duck Editorial Staff Tags: Threat Modeling, Manage Security Risks
Apr 18, 2023/3 min read Polaris integrations: Secure development at the speed of business By Black Duck Editorial Staff Tags: Agile, CI/CD, DevSecOps, Manage Security Risks
Apr 13, 2023/1 min read AppSec Decoded: Creating a system model in threat modeling By Black Duck Editorial Staff Tags: Threat Modeling, Manage Security Risks
Apr 03, 2023/1 min read AppSec Decoded: Scoping + data gathering in threat modeling By Black Duck Editorial Staff Tags: Threat Modeling, Manage Security Risks
Apr 03, 2023/4 min read Polaris: Your no-compromise SaaS AST solution By Black Duck Editorial Staff Tags: Agile, CI/CD, DevSecOps, Manage Security Risks
Mar 15, 2023/7 min read AppSec Decoded: Continuous AppSec testing in DevSecOps with Seeker IAST By Black Duck Editorial Staff Tags: Build Security into DevOps, IAST, DevSecOps
Mar 01, 2023/1 min read AppSec Decoded: Managing your open source risks By Black Duck Editorial Staff Tags: SCA, Security News & Trends, Secure the Software Supply Chain
Feb 26, 2023/1 min read AppSec Decoded: Takeaways from the 2022 “Software Vulnerability Snapshot” report By Black Duck Editorial Staff Tags: DAST, Security News & Trends, Pen Testing, Manage Security Risks
Feb 08, 2023/3 min read Spotlight on CRED: Benchmarking security with a BSIMM assessment By Black Duck Editorial Staff Tags: Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks
Feb 06, 2023/1 min read Tom Herrmann of the Synopsys Software Integrity Group recognized as 2023 CRN Channel Chief By Black Duck Editorial Staff Tags: Security News & Trends
Jan 30, 2023/1 min read CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends, CyRC
Jan 10, 2023/1 min read AppSec Decoded: The research behind the 2022 “Software Vulnerability Snapshot” By Black Duck Editorial Staff Tags: DAST, Security News & Trends, Pen Testing
Dec 08, 2022/3 min read SBOM: What’s in your software ingredients list? By Black Duck Editorial Staff Tags: M&A, Secure the Software Supply Chain, OSS License Compliance
Nov 21, 2022/5 min read Beyond NVD data: Using Black Duck Security Advisories for version accuracy By Black Duck Editorial Staff Tags: Security News & Trends, CyRC
Nov 08, 2022/11 min read JavaScript security best practices for securing your applications By Black Duck Editorial Staff Tags: Build Security into DevOps, AppSec Best Practices, Training
Nov 04, 2022/3 min read Defensics adds gRPC support for distributed web and mobile application security testing By Black Duck Editorial Staff Tags: Fuzzing, Build Security into DevOps, Mobile, Web AppSec
Oct 28, 2022/4 min read Avoid anaphylactic shock by auditing dependencies in software due diligence By Black Duck Editorial Staff Tags: M&A, OSS License Compliance
Oct 25, 2022/6 min read New government directives and persistent threats reinforce urgency of securing software By Black Duck Editorial Staff Tags: Compliance, Public Sector
Oct 16, 2022/2 min read Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static By Black Duck Editorial Staff Tags: Build Security into DevOps, SAST
Oct 13, 2022/3 min read I have my Black Duck Audit reports; What’s next? By Black Duck Editorial Staff Tags: M&A, OSS License Compliance
Sep 23, 2022/3 min read Commercial software licenses in software due diligence By Black Duck Editorial Staff Tags: M&A, OSS License Compliance
Sep 13, 2022/2 min read CyRC Vulnerability Advisory: Denial-of-service vulnerabilities (CVE-2022-39063) in Open5GS By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends, CyRC
Aug 29, 2022/1 min read AppSec Decoded: Addressing NIST guidelines begins with understanding your risk profile By Black Duck Editorial Staff Tags: Public Sector
Aug 23, 2022/1 min read AppSec Decoded: The NIST guidance on supply chain risk management By Black Duck Editorial Staff Tags: Secure the Software Supply Chain, Public Sector
Aug 10, 2022/1 min read AppSec Decoded: An introduction to the Black Duck Cybersecurity Research Center By Black Duck Editorial Staff Tags: Security News & Trends, CyRC
Aug 09, 2022/5 min read Synopsys and ESG report points to prevalence of software supply chain risks By Black Duck Editorial Staff Tags: SCA, Security News & Trends, Secure the Software Supply Chain, Cloud Security
Aug 03, 2022/1 min read CyRC Vulnerability Advisory: Local privilege escalation in Kaspersky VPN By Black Duck Editorial Staff Tags: Security News & Trends, CyRC
Aug 01, 2022/6 min read CyRC Vulnerability Analysis: Repo jacking in the software supply chain By Black Duck Editorial Staff Tags: CyRC
Jul 18, 2022/1 min read AppSec Decoded: Application security orchestration and correlation By Black Duck Editorial Staff Tags: Build Security into DevOps, DevSecOps, Manage Security Risks, Orchestration & Correlation
Jul 13, 2022/1 min read AppSec Decoded: Get the most out of your open source software By Black Duck Editorial Staff Tags: M&A, Secure the Software Supply Chain
Jun 26, 2022/6 min read Celebrating one year of Rapid Scan Static By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks
Jun 09, 2022/1 min read AppSec Decoded: Security at the speed of DevOps By Black Duck Editorial Staff Tags: Build Security into DevOps, Manage Security Risks, Orchestration & Correlation
Jun 02, 2022/3 min read Celebrating Pride 2022: Out in open source By Black Duck Editorial Staff Tags: Security News & Trends
May 22, 2022/1 min read AppSec Decoded: Managing software supply chain risks By Black Duck Editorial Staff Tags: SCA, Secure the Software Supply Chain
May 12, 2022/3 min read Two-factor authentication misconfiguration bypass By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, Internet of Things
May 08, 2022/1 min read Product Security Advisory: Reflected cross-site scripting in Black Duck Hub By Black Duck Editorial Staff Tags: Security News & Trends
Apr 05, 2022/1 min read AppSec Decoded: Is an SBOM a silver bullet for software supply chain security? By Black Duck Editorial Staff Tags: SCA, Secure the Software Supply Chain, Compliance
Mar 31, 2022/4 min read BYOD in the workforce: MDM and MAM with Microsoft Intune By Black Duck Editorial Staff Tags: Mobile, Manage Security Risks, Internet of Things
Mar 10, 2022/5 min read Black Duck contributes to the Linux Foundation Census II of the most widely used open source application libraries By Black Duck Editorial Staff Tags: SCA
Mar 07, 2022/1 min read #BreakTheBias: A conversation about tackling gender equality in the workforce By Black Duck Editorial Staff Tags: Security News & Trends
Feb 20, 2022/10 min read Navigating the road ahead for automotive cybersecurity By Black Duck Editorial Staff Tags: Pen Testing, Threat Modeling, Manage Security Risks, Automotive
Feb 14, 2022/3 min read Black History Month: Uplifting voices at Black Duck By Black Duck Editorial Staff Tags: Security News & Trends
Jan 31, 2022/1 min read AppSec Decoded: Building security into DevSecOps By Black Duck Editorial Staff Tags: Build Security into DevOps, DevSecOps
Jan 23, 2022/3 min read Scale and mature your AppSec program with a managed services partner By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Dec 20, 2021/1 min read AppSec Decoded: A proactive approach to building trust in your software supply chain By Black Duck Editorial Staff Tags: Secure the Software Supply Chain, Compliance, Public Sector
Dec 10, 2021/5 min read CyRC Vulnerability Analysis: Remote code execution zero-day exploit in Java logging library (log4j2) By Black Duck Editorial Staff Tags: SCA, CyRC
Dec 08, 2021/5 min read Safety Detectives interview with Tim Mackey By Black Duck Editorial Staff Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Manage Security Risks
Nov 16, 2021/2 min read Don’t let Trojan Source sneak into your code By Black Duck Editorial Staff Tags: SAST
Oct 28, 2021/1 min read AppSec Decoded: Why Biden’s executive order should be on your radar By Black Duck Editorial Staff Tags: Security News & Trends, Public Sector
Oct 16, 2021/7 min read Top 10 Spring Security best practices for Java developers By Black Duck Editorial Staff Tags: Build Security into DevOps, AppSec Best Practices, Web AppSec
Sep 26, 2021/1 min read AppSec Decoded: Cyber security measures for technology buyers and suppliers By Black Duck Editorial Staff Tags: Security News & Trends, Secure the Software Supply Chain, Public Sector
Sep 14, 2021/1 min read A new approach to AppSec By Black Duck Editorial Staff Tags: Build Security into DevOps, Manage Security Risks, Orchestration & Correlation
Sep 10, 2021/4 min read Strengthen your cloud security posture with Azure Sentinel By Black Duck Editorial Staff Tags: Cloud Security, Manage Security Risks
Sep 08, 2021/5 min read ASOC series part 2: How to scale AppSec with application security automation By Black Duck Editorial Staff Tags: DevSecOps, Manage Security Risks, Orchestration & Correlation
Sep 02, 2021/7 min read ASOC series part 1: How application security orchestration and correlation can improve DevSecOps efficiency By Black Duck Editorial Staff Tags: DevSecOps, Manage Security Risks, Orchestration & Correlation
Aug 19, 2021/6 min read Reflections on trusting plugins: Backdooring Jenkins builds By Black Duck Editorial Staff Tags: Build Security into DevOps
Aug 08, 2021/5 min read Keep infrastructure as code secure with Black Duck By Black Duck Editorial Staff Tags: Build Security into DevOps, SAST
Aug 03, 2021/5 min read How to run your CodeXM checker By Black Duck Editorial Staff Tags: Build Security into DevOps, Training, SAST
Jul 28, 2021/1 min read AppSec Decoded: New executive order changes dynamic of software security standards By Black Duck Editorial Staff Tags: Security News & Trends, Build Security into DevOps, Secure the Software Supply Chain, Compliance, Manage Security Risks, Public Sector
Jul 11, 2021/6 min read Reduce open source software risks in your supply chain By Black Duck Editorial Staff Tags: Secure the Software Supply Chain
Jul 08, 2021/3 min read Getting started with writing checkers using CodeXM By Black Duck Editorial Staff Tags: Build Security into DevOps, SAST
Jun 17, 2021/1 min read Reduce open source risk in M&A with software due diligence By Black Duck Editorial Staff Tags: M&A, SCA, OSS License Compliance
Jun 05, 2021/3 min read Web application security testing at scale with Coverity SAST By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks
May 12, 2021/4 min read Cybersecurity Executive Order requires new software security standards By Black Duck Editorial Staff Tags: Security News & Trends, Compliance, Public Sector
Apr 08, 2021/12 min read Integrating fuzzing into DevSecOps By Black Duck Editorial Staff Tags: Fuzzing, Build Security into DevOps, DevSecOps
Mar 14, 2021/4 min read Why should DevOps teams choose IAST? By Black Duck Editorial Staff Tags: Build Security into DevOps, IAST
Feb 08, 2021/3 min read 8 must-have features in an IAST solution By Black Duck Editorial Staff Tags: IAST, Manage Security Risks
Jan 31, 2021/1 min read AppSec Decoded: Manufacturing more-secure IoT devices By Black Duck Editorial Staff Tags: Manage Security Risks, Internet of Things
Oct 20, 2020/1 min read AppSec Decoded: The security dilemma of IoT devices By Black Duck Editorial Staff Tags: Manage Security Risks, Internet of Things
Aug 25, 2020/4 min read Developing a COVID-19 track and trace app — through the lens of Black Duck By Black Duck Editorial Staff Tags: DAST, Build Security into DevOps, Threat & Risk Assessment, Mobile, IAST, SAST, Public Sector
Jun 28, 2020/4 min read Are you following the top 10 software security best practices? By Black Duck Editorial Staff Tags: Build Security into DevOps, AppSec Best Practices, Manage Security Risks
Jun 16, 2020/3 min read An introduction to installing Black Duck By Black Duck Editorial Staff Tags: SCA, Build Security into DevOps
Jun 11, 2020/11 min read Authentication Token Obtain and Replace (ATOR) Burp plugin to handle complex login sequences By Black Duck Editorial Staff Tags: Build Security into DevOps
Jun 03, 2020/2 min read How to overcome the top 6 application security challenges By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
May 13, 2020/3 min read Critical gap in developer security training puts applications at risk By Black Duck Editorial Staff Tags: Build Security into DevOps, AppSec Best Practices, Training
May 05, 2020/4 min read 3 ways to boost your security with role-based security compliance training By Black Duck Editorial Staff Tags: Build Security into DevOps, Compliance, AppSec Best Practices, Training
May 03, 2020/2 min read 3 long-term benefits of an application security training strategy By Black Duck Editorial Staff Tags: Build Security into DevOps, Training
Apr 27, 2020/15 min read CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices By Black Duck Editorial Staff Tags: Security News & Trends, Compliance, CyRC
Apr 21, 2020/3 min read The Complete Application Security Checklist By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Apr 13, 2020/1 min read CyRC Vulnerability Advisory: CVE-2020-7958 biometric data disclosure vulnerability in OnePlus 7 Pro Android phone By Black Duck Editorial Staff Tags: Security News & Trends, Mobile, CyRC
Apr 07, 2020/3 min read How 5G and IoT devices open up the attack surface on enterprises By Black Duck Editorial Staff Tags: Fuzzing, Manage Security Risks, Internet of Things
Mar 29, 2020/3 min read 3 ways to improve your software development skills By Black Duck Editorial Staff Tags: Security News & Trends, Training
Mar 10, 2020/3 min read How does IAST fit into DevSecOps? By Black Duck Editorial Staff Tags: Agile, CI/CD, Build Security into DevOps, IAST, DevSecOps
Mar 03, 2020/5 min read 5G: Vast potential, but better security needed By Black Duck Editorial Staff Tags: Fuzzing, Mobile, Manage Security Risks, Internet of Things
Feb 12, 2020/11 min read Top 10 FOSS legal developments in 2019 By Black Duck Editorial Staff Tags: Security News & Trends, OSS License Compliance
Feb 03, 2020/3 min read Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images By Black Duck Editorial Staff Tags: Security News & Trends, Container Security
Feb 03, 2020/4 min read Mobile security app-titude best practices for secure app design and data privacy By Black Duck Editorial Staff Tags: Build Security into DevOps, AppSec Best Practices, Mobile
Feb 02, 2020/5 min read Ask the Experts: What’s most rewarding about your career in cyber security? By Black Duck Editorial Staff Tags: Security News & Trends, Build Security into DevOps, Manage Security Risks
Jan 18, 2020/4 min read Synopsys adds GitHub Action for SAST and SCA By Black Duck Editorial Staff Tags: SCA, Agile, CI/CD, Build Security into DevOps, SAST
Jan 08, 2020/1 min read Synopsys acquires Tinfoil Security, DAST and API testing solutions provider By Black Duck Editorial Staff Tags: DAST, Security News & Trends
Nov 19, 2019/3 min read SAST vs. SCA: What’s the difference? Do I need both? By Black Duck Editorial Staff Tags: SCA, Build Security into DevOps, SAST
Nov 17, 2019/3 min read Integrating Coverity Scan with GitLab CI By Black Duck Editorial Staff Tags: Agile, CI/CD, Build Security into DevOps, SAST
Oct 09, 2019/2 min read CloudBees and Synopsys: Putting “Sec” into DevSecOps By Black Duck Editorial Staff Tags: Agile, CI/CD, Build Security into DevOps
Sep 29, 2019/4 min read Wormwood – An Explicit Way to Test Absinthe GraphQL APIs By Black Duck Editorial Staff Tags: DAST, Build Security into DevOps
Sep 26, 2019/2 min read Coverity release ties in well to the latest MITRE CWE Top 25 By Black Duck Editorial Staff Tags: SCA, Security News & Trends, Compliance, SAST
Sep 19, 2019/4 min read Q&A: Fuzz testing, agent instrumentation, and Defensics By Black Duck Editorial Staff Tags: Fuzzing, Build Security into DevOps
Aug 26, 2019/3 min read What are the different types of security vulnerabilities? By Black Duck Editorial Staff Tags: Web AppSec, Manage Security Risks
Aug 13, 2019/2 min read [Infographic] Financial cybersecurity by the numbers By Black Duck Editorial Staff Tags: Security News & Trends, Financial Services
Aug 11, 2019/6 min read The license and security risks of using Node.js By Black Duck Editorial Staff Tags: Web AppSec, Manage Security Risks
Aug 04, 2019/5 min read Ask the Experts: How can we prevent ransomware attacks? By Black Duck Editorial Staff Tags: Security News & Trends, Program Strategy & Planning, Training
Jul 15, 2019/2 min read Top 3 cloud security trends for 2019 By Black Duck Editorial Staff Tags: Security News & Trends, Cloud Security, Manage Security Risks
Jul 09, 2019/1 min read Join Synopsys at codenomi-con and Black Hat USA 2019 By Black Duck Editorial Staff Tags: Security News & Trends
Jun 18, 2019/7 min read Web AppSec interview questions every company should ask By Black Duck Editorial Staff Tags: Security News & Trends, Web AppSec, Manage Security Risks
Jun 10, 2019/8 min read Ask the Experts: Should the US have a data privacy law similar to GDPR? By Black Duck Editorial Staff Tags: Compliance, Manage Security Risks, Public Sector
May 24, 2019/3 min read How are code quality and code security related? By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, SAST, Internet of Things
May 08, 2019/1 min read Announcing Code Sight 2019.4 By Black Duck Editorial Staff Tags: Security News & Trends, Build Security into DevOps, SAST
May 06, 2019/4 min read Synopsys and Red Hat OpenShift 4: One smooth Operator! By Black Duck Editorial Staff Tags: Container Security
Apr 18, 2019/2 min read Are you making these software standards compliance mistakes? By Black Duck Editorial Staff Tags: Compliance, Manage Security Risks
Apr 09, 2019/4 min read Complex but helpful: Negotiating FDA guidance to build a cybersecurity program By Black Duck Editorial Staff Tags: Security News & Trends, Healthcare
Feb 05, 2019/2 min read Container scanning for security with Black Duck OpsSight 2.2 By Black Duck Editorial Staff Tags: Container Security
Jan 30, 2019/2 min read How to “shift left” with application security tools, and how not to By Black Duck Editorial Staff Tags: Agile, CI/CD, Build Security into DevOps
Jan 29, 2019/7 min read Why dependencies matter for SAST By Black Duck Editorial Staff Tags: Build Security into DevOps, Training, SAST
Jan 29, 2019/3 min read Server-side GraphQL Querying with Elixir Absinthe By Black Duck Editorial Staff Tags: DAST, Security News & Trends
Jan 15, 2019/4 min read Top 10 software vulnerability list for 2019 By Black Duck Editorial Staff Tags: Security News & Trends, Mobile, Web AppSec
Nov 19, 2018/2 min read Should I include CSRF protection on a login form? By Black Duck Editorial Staff Tags: DAST, Build Security into DevOps
Nov 13, 2018/1 min read Today I Learned: Using SCSS in your Vue Components By Black Duck Editorial Staff Tags: DAST, Build Security into DevOps
Nov 06, 2018/2 min read Shared responsibility model: Who owns cloud security? By Black Duck Editorial Staff Tags: Cloud Security, Manage Security Risks
Oct 11, 2018/2 min read Automation: One of the keys to DevSecOps By Black Duck Editorial Staff Tags: Agile, CI/CD, Program Strategy & Planning, DevSecOps, Manage Security Risks
Sep 22, 2018/4 min read Tineola: Taking a bite out of enterprise blockchain By Black Duck Editorial Staff Tags: Security News & Trends
Sep 14, 2018/6 min read Let’s write more CodeXM checkers (second-stage ignition) By Black Duck Editorial Staff Tags: Build Security into DevOps, SAST
Sep 12, 2018/3 min read The IoT within us: Network-connected medical devices By Black Duck Editorial Staff Tags: Security News & Trends, Medical Devices, Healthcare, Internet of Things
Sep 11, 2018/1 min read What’s so special about zero-day vulnerabilities? By Black Duck Editorial Staff Tags: Security News & Trends
Sep 05, 2018/2 min read A Quick Guide to the Complex: Ecto.Multi By Black Duck Editorial Staff Tags: DAST, Build Security into DevOps
Aug 26, 2018/3 min read Securing applications with Coverity’s static analysis results By Black Duck Editorial Staff Tags: Agile, CI/CD, Security News & Trends, SAST
Aug 19, 2018/2 min read Integrating Coverity static analysis into development workflows By Black Duck Editorial Staff Tags: Agile, CI/CD, Build Security into DevOps, SAST
Aug 01, 2018/3 min read Slim Docker Images for Rails By Black Duck Editorial Staff Tags: DAST, Build Security into DevOps
Jul 20, 2018/4 min read Remediating XSS: Does a single fix work? By Black Duck Editorial Staff Tags: Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks
Jul 14, 2018/2 min read How RASP complements application security testing to minimize risk By Black Duck Editorial Staff Tags: IAST, Web AppSec, Manage Security Risks
Jun 14, 2018/3 min read The what, why, and who of runtime application self-protection (RASP) By Black Duck Editorial Staff Tags: Web AppSec, Manage Security Risks
Jun 06, 2018/2 min read 5 DevSecOps essentials and how to achieve them By Black Duck Editorial Staff Tags: Agile, CI/CD, Security News & Trends, DevSecOps
May 25, 2018/3 min read How does the TeenSafe data leak present a classic false sense of security? By Black Duck Editorial Staff Tags: Security News & Trends, Cloud Security
Mar 21, 2018/8 min read Detecting Spectre vulnerability exploits with static analysis By Black Duck Editorial Staff Tags: Build Security into DevOps, SAST
Feb 26, 2018/ Subscribe to stay on top of the latest in software security By Black Duck Editorial Staff
Jan 30, 2018/5 min read Migrating to Docker on Black Duck By Black Duck Editorial Staff Tags: SCA, Build Security into DevOps, Container Security
Jan 19, 2018/1 min read Is shadow engineering developing your applications? By Black Duck Editorial Staff Tags: Agile, CI/CD, Security News & Trends
Jan 18, 2018/6 min read The Data Protection Directive versus the GDPR: Understanding key changes By Black Duck Editorial Staff Tags: Security News & Trends, Compliance
Jan 09, 2018/1 min read Manage security risk in GitHub open source projects with CoPilot By Black Duck Editorial Staff Tags: Agile, CI/CD, Security News & Trends
Jan 02, 2018/3 min read Is breach of the GPL license breach of contract? By Black Duck Editorial Staff Tags: OSS License Compliance
Dec 06, 2017/1 min read PayPal uncovers TIO Networks data breach affecting 1.6 million users By Black Duck Editorial Staff Tags: Security News & Trends
Nov 29, 2017/4 min read Navigating responsible vulnerability disclosure best practices By Black Duck Editorial Staff Tags: Fuzzing, AppSec Best Practices, Manage Security Risks
Nov 01, 2017/4 min read How to proactively protect IoT devices from DDoS attacks By Black Duck Editorial Staff Tags: Security News & Trends
Oct 17, 2017/5 min read ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards By Black Duck Editorial Staff Tags: Security News & Trends
Oct 14, 2017/3 min read What is cloud-native container security? By Black Duck Editorial Staff Tags: Agile, CI/CD, Security News & Trends, Cloud Security
Oct 12, 2017/1 min read Black Duck and Google Grafeas: Improving container visibility and security By Black Duck Editorial Staff Tags: SCA, Agile, CI/CD, Container Security
Sep 29, 2017/5 min read How to implement security measures without negatively affecting software quality By Black Duck Editorial Staff Tags: Security News & Trends
Sep 21, 2017/3 min read Why do companies need a software security program? By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Sep 13, 2017/3 min read So Apache broke up with Facebook. How does that affect you? By Black Duck Editorial Staff Tags: M&A, Security News & Trends, OSS License Compliance
Sep 12, 2017/3 min read What you need to know about BlueBorne Bluetooth flaws By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends, SAST, Internet of Things
Sep 10, 2017/3 min read Black Duck finds 3 Linux kernel vulnerabilities By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends
Sep 05, 2017/2 min read “Easy” to hack Apache Struts vulnerability CVE-2017-9805 By Black Duck Editorial Staff Tags: Security News & Trends
Sep 05, 2017/6 min read A journey through the secure software development life cycle phases By Black Duck Editorial Staff Tags: Program Strategy & Planning, Threat & Risk Assessment, Threat Modeling, Manage Security Risks
Aug 28, 2017/4 min read DEF CON 25 exposes voting system vulnerabilities By Black Duck Editorial Staff Tags: Security News & Trends, Public Sector
Aug 22, 2017/1 min read Hub Detect: Comprehensive open source scanning By Black Duck Editorial Staff Tags: Security News & Trends
Aug 15, 2017/3 min read Scan nirvana: Hub Detect for all native build and CI tools By Black Duck Editorial Staff Tags: Build Security into DevOps
Jul 07, 2017/3 min read Is threat modeling compatible with Agile and DevSecOps? By Black Duck Editorial Staff Tags: Agile, CI/CD, Threat Modeling, Manage Security Risks
Jun 21, 2017/2 min read 3 permissive licenses and why they deserve a little respect By Black Duck Editorial Staff Tags: M&A, OSS License Compliance
May 29, 2017/2 min read 4 key differences moving from Java to .NET Core By Black Duck Editorial Staff Tags: Security News & Trends
May 24, 2017/2 min read When should threat modeling take place in the SDLC? By Black Duck Editorial Staff Tags: Threat Modeling, Manage Security Risks
May 16, 2017/2 min read Node.js: Preventing common vulnerabilities in the MEAN stack By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, Manage Security Risks
May 08, 2017/5 min read AngularJS: Preventing common vulnerabilities in the MEAN stack By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec
May 07, 2017/3 min read DoublePulsar continues to expose older Windows boxes: What you need to know By Black Duck Editorial Staff Tags: Security News & Trends
May 07, 2017/2 min read .NET component vulnerability analysis in production By Black Duck Editorial Staff Tags: Agile, CI/CD, Security News & Trends
May 01, 2017/3 min read Heartbleed: OpenSSL vulnerability lives on By Black Duck Editorial Staff Tags: Security News & Trends
Apr 27, 2017/3 min read What are the signs your web application has been hacked? By Black Duck Editorial Staff Tags: Security News & Trends
Apr 20, 2017/2 min read ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 1) By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, Manage Security Risks
Apr 18, 2017/4 min read How to mitigate third-party security risks By Black Duck Editorial Staff Tags: Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks
Apr 13, 2017/5 min read MongoDB: Preventing common vulnerabilities in the MEAN stack By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec
Apr 04, 2017/7 min read Attributes of secure web application architecture By Black Duck Editorial Staff Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec, Manage Security Risks
Mar 26, 2017/4 min read Does software quality equal software security? It depends By Black Duck Editorial Staff Tags: SCA, Fuzzing, Compliance, Manage Security Risks
Mar 22, 2017/6 min read Swift: Close to greatness in programming language design, Part 2 By Black Duck Editorial Staff Tags: Build Security into DevOps, SAST
Mar 21, 2017/3 min read Vulnerability management and triage in 3 steps By Black Duck Editorial Staff Tags: AppSec Best Practices, Manage Security Risks
Mar 18, 2017/2 min read CVE-2017-2636 strikes Linux kernel with double free vulnerability By Black Duck Editorial Staff Tags: Security News & Trends
Mar 01, 2017/2 min read Howard Schmidt, the United States’ first Cybersecurity Czar, has died By Black Duck Editorial Staff Tags: Security News & Trends, Public Sector
Feb 27, 2017/4 min read Responsible disclosure on a timetable By Black Duck Editorial Staff Tags: Security News & Trends, Healthcare
Feb 23, 2017/11 min read AngularJS security series part 1: Angular $http service By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, Training
Feb 22, 2017/3 min read Cloudbleed, like Heartbleed, may affect millions By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends, Cloud Security, Manage Security Risks
Feb 16, 2017/2 min read Examining vulnerability criticality when risk ranking vulnerabilities By Black Duck Editorial Staff Tags: Manage Security Risks
Jan 31, 2017/3 min read An overview of open standards for IoT communication protocols By Black Duck Editorial Staff Tags: Compliance, Internet of Things
Jan 23, 2017/2 min read 3 things to consider when risk ranking your applications By Black Duck Editorial Staff Tags: Threat & Risk Assessment, Threat Modeling, Manage Security Risks
Dec 08, 2016/3 min read The fly in the ointment of the JSON license By Black Duck Editorial Staff Tags: OSS License Compliance
Nov 28, 2016/4 min read 5 reasons to use third-party authentication instead of creating your own By Black Duck Editorial Staff Tags: Build Security into DevOps, Compliance, SAST
Nov 28, 2016/3 min read Here are the top 10 best practices for securing Android apps By Black Duck Editorial Staff Tags: AppSec Best Practices, Mobile, Training, Manage Security Risks
Nov 21, 2016/4 min read Hearts and minds: Culture management vs. human resources By Black Duck Editorial Staff Tags: Security News & Trends
Nov 14, 2016/1 min read Set up a software security group in 5 steps By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Nov 12, 2016/7 min read How to respond to application security incidents By Black Duck Editorial Staff Tags: Manage Security Risks
Nov 08, 2016/5 min read Abuse cases: How to think like a hacker By Black Duck Editorial Staff Tags: Build Security into DevOps
Nov 06, 2016/5 min read OSS warranties and indemnities in technology transactions By Black Duck Editorial Staff Tags: M&A, OSS License Compliance
Nov 05, 2016/2 min read Synopsys expands security signoff solution with Cigital and Codiscope acquisition By Black Duck Editorial Staff Tags: Security News & Trends, Manage Security Risks
Oct 24, 2016/3 min read Dyn DDoS attack: IoT vulnerabilities By Black Duck Editorial Staff Tags: Security News & Trends, Internet of Things
Oct 21, 2016/2 min read The pursuit of Hapi-ness: 5 must-have Hapi security plugins By Black Duck Editorial Staff Tags: Security News & Trends
Oct 19, 2016/4 min read Brace yourselves: Application transport security is coming By Black Duck Editorial Staff Tags: Security News & Trends, Mobile
Oct 19, 2016/3 min read Vulnerability management: Designing severity risk ranking systems By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends
Oct 14, 2016/3 min read Open source security management: A question of when, not whether By Black Duck Editorial Staff Tags: DAST, Security News & Trends, SAST
Oct 12, 2016/5 min read Why isn’t cyber security taught in schools? By Black Duck Editorial Staff Tags: Security News & Trends, Training
Oct 05, 2016/4 min read Guide to open source licenses By Black Duck Editorial Staff Tags: M&A, OSS License Compliance
Sep 26, 2016/2 min read Identifying and resolving software vulnerabilities: A balancing act By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Sep 24, 2016/1 min read AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices By Black Duck Editorial Staff Tags: Security News & Trends, Compliance, Medical Devices
Sep 21, 2016/2 min read Why there are at least 6,000 vulnerabilities without CVE-IDs By Black Duck Editorial Staff Tags: Security News & Trends
Sep 19, 2016/6 min read AGPL: Out of the shadows By Black Duck Editorial Staff Tags: M&A, Security News & Trends, OSS License Compliance
Sep 15, 2016/1 min read Software testing included in final ISA / IEC 62443-4-1 By Black Duck Editorial Staff Tags: Security News & Trends, Compliance
Sep 07, 2016/2 min read The Complete Security Vulnerability Assessment Checklist By Black Duck Editorial Staff Tags: Threat & Risk Assessment, Web AppSec, Manage Security Risks
Aug 31, 2016/3 min read Recognizing Another Type of Threat: Non-targeted Attacks By Black Duck Editorial Staff Tags: Manage Security Risks
Aug 24, 2016/3 min read 4 ineffective security controls that leave you with a false sense of security By Black Duck Editorial Staff Tags: Build Security into DevOps, Training
Aug 24, 2016/2 min read Pseudorandom number generation means pseudosecurity By Black Duck Editorial Staff Tags: Build Security into DevOps, Training
Aug 17, 2016/6 min read 4 principles of secure software design By Black Duck Editorial Staff Tags: Security News & Trends
Aug 08, 2016/3 min read Avoiding false positives in application security through customization By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, SAST, Manage Security Risks
Jul 18, 2016/2 min read Web application security threats and countermeasures By Black Duck Editorial Staff Tags: Web AppSec, Manage Security Risks
Jul 12, 2016/3 min read The 5 pillars of a successful threat model By Black Duck Editorial Staff Tags: Threat Modeling, Manage Security Risks
Jun 13, 2016/5 min read How to mitigate the Java deserialization vulnerability in JBoss application servers By Black Duck Editorial Staff Tags: Security News & Trends, AppSec Best Practices
Jun 13, 2016/8 min read Rocket.Chat: Enabling privately hosted chat services By Black Duck Editorial Staff Tags: Security News & Trends
Jun 01, 2016/3 min read 4 threat modeling questions to ask before your next Agile sprint By Black Duck Editorial Staff Tags: Agile, CI/CD, Threat Modeling, Manage Security Risks
May 24, 2016/1 min read For want of a CVE: MITRE’s ongoing CVE backlog By Black Duck Editorial Staff Tags: Security News & Trends
May 14, 2016/5 min read Best practices for free and open source software vulnerability management By Black Duck Editorial Staff Tags: Agile, CI/CD, AppSec Best Practices
May 05, 2016/4 min read Are SaaS companies immune to open source risk? By Black Duck Editorial Staff Tags: OSS License Compliance
Apr 28, 2016/3 min read Man in the middle: When Bob met Alice, and Eve heard everything By Black Duck Editorial Staff Tags: Security News & Trends, Build Security into DevOps, Web AppSec, Manage Security Risks
Apr 27, 2016/2 min read The open perimeter: Is your internal network protected? By Black Duck Editorial Staff Tags: Security News & Trends, Internet of Things
Apr 12, 2016/7 min read TLS 1.3 and the future of cryptographic protocols By Black Duck Editorial Staff Tags: Security News & Trends
Apr 11, 2016/1 min read Black Duck discovers CVE-2015-5370 in Samba’s DCE/RPC protocol implementation By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends, CyRC
Apr 04, 2016/2 min read How to avoid the top 10 software security flaws By Black Duck Editorial Staff Tags: Security News & Trends
Mar 15, 2016/3 min read How to do static analysis testing in 6 easy steps By Black Duck Editorial Staff Tags: Build Security into DevOps, AppSec Best Practices, SAST, Manage Security Risks
Mar 12, 2016/2 min read Web application security basics: 3 tips to get started By Black Duck Editorial Staff Tags: Security News & Trends
Mar 09, 2016/3 min read What’s the difference? OAuth 1.0 vs OAuth 2.0 By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, Training
Mar 08, 2016/9 min read An examination of ineffective certificate pinning implementations By Black Duck Editorial Staff Tags: Build Security into DevOps, Mobile
Feb 22, 2016/3 min read Security risks in mergers and acquisitions By Black Duck Editorial Staff Tags: M&A, Manage Security Risks, OSS License Compliance
Feb 04, 2016/2 min read Do you believe the 7 myths of software security? By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Jan 24, 2016/4 min read 3 security risks that architecture analysis can resolve By Black Duck Editorial Staff Tags: Security News & Trends, Threat & Risk Assessment
Jan 18, 2016/4 min read Pen testing best practices to take the pain out of penetration testing By Black Duck Editorial Staff Tags: Build Security into DevOps, AppSec Best Practices, Web AppSec
Jan 14, 2016/2 min read 5 essentials of cloud-based application security testing By Black Duck Editorial Staff Tags: Agile, CI/CD, Cloud Security, Manage Security Risks
Dec 21, 2015/4 min read How to mitigate your third-party mobile keyboard risk By Black Duck Editorial Staff Tags: Security News & Trends, Mobile
Dec 10, 2015/2 min read What Is Cross-Site Request Forgery? By Black Duck Editorial Staff Tags: Security News & Trends
Dec 09, 2015/2 min read What are cryptographic hash functions? By Black Duck Editorial Staff Tags: Program Strategy & Planning, Build Security into DevOps, Manage Security Risks
Dec 05, 2015/3 min read 3 ways abuse cases can drive security requirements By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Oct 22, 2015/5 min read Software security myth #3: Penetration testing solves everything By Black Duck Editorial Staff Tags: Security News & Trends, AppSec Best Practices, Pen Testing, Manage Security Risks
Oct 09, 2015/5 min read Using the SafetyNet API By Black Duck Editorial Staff Tags: Build Security into DevOps, Mobile
Oct 07, 2015/4 min read 3 fundamentals of a software security initiative By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Sep 27, 2015/4 min read Adding security steps to your agile development process By Black Duck Editorial Staff Tags: Security News & Trends
Sep 22, 2015/4 min read Agile and application security: A promising pair By Black Duck Editorial Staff Tags: Security News & Trends
Aug 14, 2015/3 min read The cathedral and the bazaar of software security vulnerabilities By Black Duck Editorial Staff Tags: Security News & Trends
Aug 04, 2015/5 min read Software is everywhere By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends
Aug 03, 2015/5 min read Integrating Touch ID into your iOS applications By Black Duck Editorial Staff Tags: Build Security into DevOps, Mobile
Jul 27, 2015/3 min read 3 reasons software security governance is essential to your business By Black Duck Editorial Staff Tags: Program Strategy & Planning, Manage Security Risks
Jul 26, 2015/2 min read How to build a red teaming playbook By Black Duck Editorial Staff Tags: Threat & Risk Assessment, Manage Security Risks
Jun 18, 2015/3 min read Samsung Galaxy phone hack: Making sense of the “Samsung” RCE vulnerability By Black Duck Editorial Staff Tags: Security News & Trends
Jun 18, 2015/2 min read 4 application security skills every expert ought to have By Black Duck Editorial Staff Tags: Security News & Trends, Web AppSec, Training
Apr 07, 2015/4 min read How mapping the Ocean’s Eleven heist can make you better at application security testing By Black Duck Editorial Staff Tags: Build Security into DevOps
Mar 30, 2015/3 min read Is conventional penetration testing enough to secure e-commerce applications? By Black Duck Editorial Staff Tags: Pen Testing, Web AppSec, Manage Security Risks
Mar 22, 2015/4 min read The 3 laws of robots.txt By Black Duck Editorial Staff Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec
Mar 15, 2015/3 min read XML External Entity Injection By Black Duck Editorial Staff Tags: DAST, Security News & Trends
Feb 04, 2015/1 min read Build software security in. Don’t rely on a tower defense strategy. By Black Duck Editorial Staff Tags: Security News & Trends
Feb 01, 2015/5 min read The role of randomness in online gambling By Black Duck Editorial Staff Tags: Security News & Trends
Dec 13, 2014/8 min read How to fix cross-site scripting: A developer’s guide By Black Duck Editorial Staff Tags: Program Strategy & Planning, Build Security into DevOps
Nov 03, 2014/9 min read Understanding Python bytecode By Black Duck Editorial Staff Tags: Build Security into DevOps, Web AppSec, Manage Security Risks
Aug 14, 2014/3 min read How To Fix POODLE (And Why You’re Probably Still Vulnerable) By Black Duck Editorial Staff Tags: DAST, Security News & Trends
Jul 29, 2014/4 min read Multi-Stack Integration Tests with CircleCI By Black Duck Editorial Staff Tags: Security News & Trends
May 19, 2014/4 min read Cordova InAppBrowser remote privilege escalation By Black Duck Editorial Staff Tags: Security News & Trends
Apr 24, 2014/3 min read Understanding fragment injection By Black Duck Editorial Staff Tags: Build Security into DevOps, Mobile, Web AppSec
Apr 13, 2014/4 min read On detecting Heartbleed with static analysis By Black Duck Editorial Staff Tags: Security News & Trends, Build Security into DevOps, SAST
Apr 07, 2014/6 min read Heartbleed vulnerability: What should you do? By Black Duck Editorial Staff Tags: Fuzzing, Security News & Trends, Build Security into DevOps
Jan 15, 2014/3 min read SecureRandom implementation (sun.security.provider.SecureRandom – SHA1PRNG) By Black Duck Editorial Staff Tags: Build Security into DevOps
Jan 05, 2014/2 min read Issues to be aware of when using Java's SecureRandom By Black Duck Editorial Staff Tags: Build Security into DevOps
Oct 29, 2013/2 min read Remote code execution in Apache Roller via OGNL injection By Black Duck Editorial Staff Tags: Security News & Trends
Oct 15, 2013/3 min read 2 path traversal defects in Oracle's JSF2 implementation By Black Duck Editorial Staff Tags: Security News & Trends
Jul 09, 2013/6 min read Stop Paying For SSL Certificates You Don’t Need By Black Duck Editorial Staff Tags: Security News & Trends
Jun 27, 2013/5 min read Cross-Browser Development Tips: Part 1 - CSS By Black Duck Editorial Staff Tags: Security News & Trends
Mar 07, 2013/4 min read Ruby Demystified: and vs. && By Black Duck Editorial Staff Tags: DAST, Build Security into DevOps
Jan 24, 2013/4 min read Who’s afraid of GPL3? By Black Duck Editorial Staff Tags: Manage Security Risks
Oct 31, 2010/2 min read Secure URL redirection remediation By Black Duck Editorial Staff Tags: Program Strategy & Planning, Build Security into DevOps, Web AppSec
Aug 09, 2007/1 min read Mitigate XSS: Why input validation is bogus By Black Duck Editorial Staff Tags: Security News & Trends
Mar 14, 2007/1 min read Busting the SQL stored procedure myth By Black Duck Editorial Staff Tags: Security News & Trends