Key findings from “The State of Embedded Software Quality and Safety 2025” report
Aug 26, 2025
|
3 min read
From this Author
What you need to know about the NIST Secure Software Development Framework
Aug 12, 2025
|
5 min read
Key takeaways from the “2024 Software Vulnerability Snapshot” report
Jul 21, 2025
|
5 min read
Navigating the EU Cyber Resilience Act
Jul 17, 2025
|
7 min read
Q&A: What You Need to Know About Open Source Software Risk in 2025
May 22, 2025
|
5 min read
The 2025 OSSRA report uncovers answers to common open source questions
Mar 12, 2025
|
4 min read
Top open source licenses and legal risk for developers
Mar 05, 2025
|
8 min read
Six takeaways from the 2025 “Open Source Security and Risk Analysis” report
Feb 25, 2025
|
5 min read
Software Vulnerability Snapshot Report Findings
Nov 12, 2024
|
3 min read
Key insights from Black Duck’s 2024 Global State of DevSecOps report
Oct 08, 2024
|
5 min read
The changing face of software supply chain security risk
May 16, 2024
|
3 min read
What is the Xz Utils Backdoor : Everything you need to know about the supply chain attack
Apr 08, 2024
|
5 min read
2024 OSSRA report: Open source license compliance remains problematic
Mar 19, 2024
|
4 min read
What is a software bill of materials?
Mar 17, 2024
|
5 min read
CVE-2017-5638: The Apache Struts vulnerability explained
Mar 16, 2024
|
3 min read
2024 OSSRA Report: Outdated code risk in open source components
Mar 06, 2024
|
4 min read
DevSecOps practices to maintain developer velocity
Jan 04, 2024
|
2 min read
Shifting everywhere: The importance of continuous testing in the software development life cycle
Dec 04, 2023
|
3 min read
DevSecOps Report: ASPM and its impact on software security
Oct 18, 2023
|
2 min read
Defending against malicious packages in the npm ecosystem and beyond
Jun 30, 2023
|
2 min read
2023 OSSRA deep dive: High-risk vulnerabilities
Jun 26, 2023
|
7 min read
2023 OSSRA deep dive: jQuery and open source security
May 10, 2023
|
4 min read
Synopsys Global Partner Program Receives CRN® 5-Star Rating for Second Consecutive Year
Mar 26, 2023
|
2 min read
6 Findings from DevSecOps Practices' Survey
Dec 07, 2020
|
4 min read
Making SCA part of your AST Strategy
Sep 29, 2020
|
3 min read
TANSTAAFL! The tragedy of the commons meets open source software
Sep 10, 2020
|
4 min read
Why developers need a supplemental source to NVD vulnerability data
Jun 01, 2020
|
3 min read
There’s no such thing as TMI when it comes to open source software
Feb 18, 2020
|
5 min read
Coverity & Black Duck together. Better. Faster. Stronger.
Jan 22, 2020
|
5 min read
Blue Yonder: Extending their SDLC to remediate open source issues
Nov 12, 2019
|
3 min read
3 takeaways from “Managing the Business Risks of Open Source” webinar
Feb 10, 2019
|
2 min read
Why you need to perform open source due diligence in an M&A transaction
Oct 09, 2018
|
2 min read
CVE-2018-11776 and why you need Black Duck Security Advisories
Sep 30, 2018
|
3 min read
CVE-2018-11776: The latest Apache Struts vulnerability
Aug 27, 2018
|
2 min read
The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP
Aug 14, 2018
|
2 min read
When software is the company, tech due diligence is critical
Jan 23, 2018
|
2 min read
Equifax, Apache Struts, and CVE-2017-5638 vulnerability
Sep 14, 2017
|
3 min read
Cloudera IPO: Risk for cyber attacks, lawsuits, and loss of IP?
Apr 04, 2017
|
3 min read
Fred Bals
Fred is a senior technical writer at Black Duck. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.