Navigating the EU Cyber Resilience Act
Jul 17, 2025
|
7 min read
Compliance
The road to software compliance, quality, and standards can be difficult to navigate. Read articles from Black Duck cyber security experts for guidance and best practices on getting your AppSec program on the right track.
68
Stories
27
Writers
Major changes and challenges of PCI DSS 4.0
Nov 04, 2024
|
6 min read
SSDF BSIMM mapping updated for BSIMM14
Jun 18, 2024
|
8 min read
Building a software Bill of Materials with Black Duck
Apr 20, 2024
|
5 min read
Making intelligent tradeoffs in software due diligence
Dec 13, 2023
|
4 min read
Black Duck audits reporting update: Streamlined view of risks and remediation steps
Sep 08, 2023
|
2 min read
The parallels of AI and open source in software development
Aug 25, 2023
|
4 min read
The rise of AI in software development
Aug 11, 2023
|
1 min read
Software due diligence for PE & VC investors
Jul 28, 2023
|
3 min read
Why nontechnical organizations need due diligence
Jul 14, 2023
|
2 min read
Software quality: Diligence prep for sellers
Jun 08, 2023
|
4 min read
Connecting the dots: Development + business risk + due diligence
May 26, 2023
|
2 min read
Secure software development for modern vehicles
Mar 07, 2023
|
2 min read
New government directives and persistent threats reinforce urgency of securing software
Oct 25, 2022
|
6 min read
Black Duck and the new Automated Source Code Data Protection Measure have you covered
Aug 28, 2022
|
4 min read
Tech tales: Achieving PCI compliance with application security testing
May 18, 2022
|
5 min read
AppSec Decoded: Is an SBOM a silver bullet for software supply chain security?
Apr 05, 2022
|
1 min read
NIST provides recommended criteria for cybersecurity labeling for consumer software and IoT products
Mar 14, 2022
|
7 min read
What the cybersecurity executive order means for the private sector
Feb 14, 2022
|
3 min read
AppSec Decoded: A proactive approach to building trust in your software supply chain
Dec 20, 2021
|
1 min read
Detecting Log4j (Log4Shell): Mitigating the impact on your organization
Dec 15, 2021
|
8 min read
How to cybersecurity: Heartbleed deep dive
Oct 24, 2021
|
8 min read
AppSec Decoded: New executive order changes dynamic of software security standards
Jul 28, 2021
|
1 min read
Practical solutions for a secure automotive software development process following ISO/SAE 21434
Jul 19, 2021
|
4 min read
Data privacy laws drive urgency to create a data security strategy
Jun 14, 2021
|
3 min read
How to achieve MISRA and AUTOSAR coding compliance
Jun 10, 2021
|
6 min read
CyRC Vulnerability Advisory: Denial of service vulnerabilities in RabbitMQ, EMQ X, and VerneMQ
Jun 07, 2021
|
1 min read
A CISO’s guide to sensitive data protection
May 25, 2021
|
3 min read
Cybersecurity Executive Order requires new software security standards
May 12, 2021
|
4 min read
Black Duck CyRC named a CVE Numbering Authority
Mar 28, 2021
|
2 min read
Securing your code: GDPR best practices for application security
Jan 26, 2021
|
7 min read
CyRC analysis: Authentication bypass vulnerability in Bouncy Castle
Dec 16, 2020
|
2 min read
Automotive threat analysis and risk assessment method
Nov 17, 2020
|
2 min read
Cyber security assurance levels in the automotive supply chain
Nov 04, 2020
|
4 min read
CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing
Oct 28, 2020
|
5 min read
Are you ready for ISO SAE 21434 Cybersecurity of Road Vehicles?
Oct 11, 2020
|
3 min read
MITRE releases 2020 CWE Top 25 most dangerous software weaknesses
Sep 17, 2020
|
5 min read
Apache Struts research at scale, Part 3: Exploitation
Aug 02, 2020
|
12 min read
3 ways to boost your security with role-based security compliance training
May 05, 2020
|
4 min read
CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices
Apr 27, 2020
|
15 min read
What is the Ghostcat vulnerability (CVE-2020-1938)?
Mar 31, 2020
|
3 min read
Apache Struts research at scale, Part 2: Execution environments
Mar 10, 2020
|
7 min read
Want to comply with privacy laws? Start with security
Feb 19, 2020
|
6 min read
Cost of data breaches in 2019: The 4 worst hits on the corporate wallet
Dec 10, 2019
|
7 min read
Apache Struts research at scale, Part 1: Building 115 versions of Struts
Oct 24, 2019
|
11 min read
Best practices for secure application development
Oct 09, 2019
|
8 min read
Coverity release ties in well to the latest MITRE CWE Top 25
Sep 26, 2019
|
2 min read
Awash in regulations, companies struggle with compliance
Sep 10, 2019
|
7 min read
Apollo 11 software lessons still relevant today
Jul 30, 2019
|
7 min read
Securing software development: NIST joins the parade
Jul 16, 2019
|
6 min read
Ask the Experts: Should the US have a data privacy law similar to GDPR?
Jun 10, 2019
|
8 min read
Are you making these software standards compliance mistakes?
Apr 18, 2019
|
2 min read
Hard questions raised when a software ‘glitch’ takes down an airliner
Nov 28, 2018
|
5 min read
WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities
Nov 15, 2018
|
6 min read
Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table
Nov 14, 2018
|
5 min read
LifeLock lesson—Third party security is your security
Jul 31, 2018
|
2 min read
Data breaches and more data breaches—oh my!
Apr 12, 2018
|
2 min read
Still just recommendations, not regulation, for IoT security
Mar 16, 2018
|
6 min read
The Data Protection Directive versus the GDPR: Understanding key changes
Jan 18, 2018
|
6 min read
What does GDPR enforcement mean for your business?
Jan 08, 2018
|
4 min read
Does software quality equal software security? It depends
Mar 26, 2017
|
4 min read
An overview of open standards for IoT communication protocols
Jan 31, 2017
|
3 min read
5 reasons to use third-party authentication instead of creating your own
Nov 28, 2016
|
4 min read
AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices
Sep 24, 2016
|
1 min read
Software testing included in final ISA / IEC 62443-4-1
Sep 15, 2016
|
1 min read
Standard versus proprietary security protocols
May 28, 2014
|
3 min read
SHA2 ‘vs.’ SHA1
Jan 20, 2014
|
2 min read