Aug 26, 2025 | 3 min read | Key findings from “The State of Embedded Software Quality and Safety 2025” report | Fred Bals
Aug 12, 2025 | 5 min read | What you need to know about the NIST Secure Software Development Framework | Fred Bals
Jul 21, 2025 | 5 min read | Key takeaways from the “2024 Software Vulnerability Snapshot” report | Fred Bals
Jul 17, 2025 | 7 min read | Navigating the EU Cyber Resilience Act | Corey Hamilton, Fred Bals
May 22, 2025 | 5 min read | Q&A: What You Need to Know About Open Source Software Risk in 2025 | Fred Bals
Mar 12, 2025 | 4 min read | The 2025 OSSRA report uncovers answers to common open source questions | Fred Bals
Mar 05, 2025 | 8 min read | Top open source licenses and legal risk for developers | Fred Bals
Feb 25, 2025 | 5 min read | Six takeaways from the 2025 “Open Source Security and Risk Analysis” report | Fred Bals
Nov 12, 2024 | 3 min read | Software Vulnerability Snapshot Report Findings | Fred Bals
Oct 08, 2024 | 5 min read | Key insights from Black Duck’s 2024 Global State of DevSecOps report | Fred Bals
May 16, 2024 | 3 min read | The changing face of software supply chain security risk | Fred Bals
Apr 08, 2024 | 5 min read | What is the Xz Utils Backdoor: Everything you need to know about the supply chain attack | Fred Bals
Mar 19, 2024 | 4 min read | 2024 OSSRA report: Open source license compliance remains problematic | Fred Bals
Mar 16, 2024 | 3 min read | CVE-2017-5638: The Apache Struts vulnerability explained | Fred Bals
Mar 06, 2024 | 4 min read | 2024 OSSRA Report: Outdated code risk in open source components | Fred Bals
Jan 04, 2024 | 2 min read | DevSecOps practices to maintain developer velocity | Fred Bals
Dec 04, 2023 | 3 min read | Shifting everywhere: The importance of continuous testing in the software development life cycle | Fred Bals
Oct 18, 2023 | 2 min read | DevSecOps Report: ASPM and its impact on software security | Fred Bals
Jun 30, 2023 | 2 min read | Defending against malicious packages in the npm ecosystem and beyond | Fred Bals
Jun 26, 2023 | 7 min read | 2023 OSSRA deep dive: High-risk vulnerabilities | Fred Bals
May 10, 2023 | 4 min read | 2023 OSSRA deep dive: jQuery and open source security | Fred Bals
Mar 26, 2023 | 2 min read | Synopsys Global Partner Program Receives CRN® 5-Star Rating for Second Consecutive Year | Fred Bals
Dec 07, 2020 | 4 min read | 6 Findings from DevSecOps Practices' Survey | Fred Bals
Sep 10, 2020 | 4 min read | TANSTAAFL! The tragedy of the commons meets open source software | Fred Bals
Jun 01, 2020 | 3 min read | Why developers need a supplemental source to NVD vulnerability data | Fred Bals
Feb 18, 2020 | 5 min read | There’s no such thing as TMI when it comes to open source software | Fred Bals
Jan 22, 2020 | 5 min read | Coverity & Black Duck together. Better. Faster. Stronger. | Fred Bals
Nov 12, 2019 | 3 min read | Blue Yonder: Extending their SDLC to remediate open source issues | Fred Bals
Feb 10, 2019 | 2 min read | 3 takeaways from “Managing the Business Risks of Open Source” webinar | Fred Bals
Oct 09, 2018 | 2 min read | Why you need to perform open source due diligence in an M&A transaction | Fred Bals
Sep 30, 2018 | 3 min read | CVE-2018-11776 and why you need Black Duck Security Advisories | Fred Bals
Aug 27, 2018 | 2 min read | CVE-2018-11776: The latest Apache Struts vulnerability | Fred Bals
Aug 14, 2018 | 2 min read | The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP | Fred Bals
Jan 23, 2018 | 2 min read | When software is the company, tech due diligence is critical | Fred Bals
Sep 14, 2017 | 3 min read | Equifax, Apache Struts, and CVE-2017-5638 vulnerability | Fred Bals
Apr 04, 2017 | 3 min read | Cloudera IPO: Risk for cyber attacks, lawsuits, and loss of IP? | Fred Bals