Jul 17, 2025 | 7 min read | Navigating the EU Cyber Resilience Act | Corey Hamilton, Fred Bals
Nov 04, 2024 | 6 min read | Major changes and challenges of PCI DSS 4.0 | John Waller
Apr 20, 2024 | 5 min read | Building a software Bill of Materials with Black Duck | Mike McGuire
Dec 13, 2023 | 4 min read | Making intelligent tradeoffs in software due diligence | Phil Odence
Sep 08, 2023 | 2 min read | Black Duck audits reporting update: Streamlined view of risks and remediation steps | Phil Odence
Aug 25, 2023 | 4 min read | The parallels of AI and open source in software development | Phil Odence
Jul 28, 2023 | 3 min read | Software due diligence for PE & VC investors | Zvi Levitas
Jul 14, 2023 | 2 min read | Why nontechnical organizations need due diligence | Don Mulrenan
Jun 08, 2023 | 4 min read | Software quality: Diligence prep for sellers | Chris Boyd
May 26, 2023 | 2 min read | Connecting the dots: Development + business risk + due diligence | Phil Odence
Mar 07, 2023 | 2 min read | Secure software development for modern vehicles | Dr. Dennis Kengo Oka
Oct 25, 2022 | 6 min read | New government directives and persistent threats reinforce urgency of securing software | Black Duck Editorial Staff
Aug 28, 2022 | 4 min read | Black Duck and the new Automated Source Code Data Protection Measure have you covered | Charlotte Freeman
May 18, 2022 | 5 min read | Tech tales: Achieving PCI compliance with application security testing | Chai Bhat
Apr 05, 2022 | 1 min read | AppSec Decoded: Is an SBOM a silver bullet for software supply chain security? | Black Duck Editorial Staff
Mar 14, 2022 | 7 min read | NIST provides recommended criteria for cybersecurity labeling for consumer software and IoT products | Taylor Armerding
Feb 14, 2022 | 3 min read | What the cybersecurity executive order means for the private sector | Mike McGuire
Dec 20, 2021 | 1 min read | AppSec Decoded: A proactive approach to building trust in your software supply chain | Black Duck Editorial Staff
Dec 15, 2021 | 8 min read | Detecting Log4j (Log4Shell): Mitigating the impact on your organization | Michael White
Oct 24, 2021 | 8 min read | How to cybersecurity: Heartbleed deep dive | Jonathan Knudsen
Jul 28, 2021 | 1 min read | AppSec Decoded: New executive order changes dynamic of software security standards | Black Duck Editorial Staff
Jul 19, 2021 | 4 min read | Practical solutions for a secure automotive software development process following ISO/SAE 21434 | Dr. Dennis Kengo Oka
Jun 14, 2021 | 3 min read | Data privacy laws drive urgency to create a data security strategy | Anna Chiang
Jun 10, 2021 | 6 min read | How to achieve MISRA and AUTOSAR coding compliance | Dr. Dennis Kengo Oka
Jun 07, 2021 | 1 min read | CyRC Vulnerability Advisory: Denial of service vulnerabilities in RabbitMQ, EMQ X, and VerneMQ | Jonathan Knudsen
May 25, 2021 | 3 min read | A CISO’s guide to sensitive data protection | Anna Chiang
May 12, 2021 | 4 min read | Cybersecurity Executive Order requires new software security standards | Black Duck Editorial Staff
Mar 28, 2021 | 2 min read | Black Duck CyRC named a CVE Numbering Authority | Taylor Armerding
Jan 26, 2021 | 7 min read | Securing your code: GDPR best practices for application security | Taylor Armerding
Dec 16, 2020 | 2 min read | CyRC analysis: Authentication bypass vulnerability in Bouncy Castle | Cybersecurity Research Center
Nov 17, 2020 | 2 min read | Automotive threat analysis and risk assessment method | Jacob Wilson
Nov 04, 2020 | 4 min read | Cyber security assurance levels in the automotive supply chain | Jacob Wilson
Oct 28, 2020 | 5 min read | CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing | Tuomo Untinen, Kari Hulkko
Oct 11, 2020 | 3 min read | Are you ready for ISO SAE 21434 Cybersecurity of Road Vehicles? | Jacob Wilson
Sep 17, 2020 | 5 min read | MITRE releases 2020 CWE Top 25 most dangerous software weaknesses | Taylor Armerding
Aug 02, 2020 | 12 min read | Apache Struts research at scale, Part 3: Exploitation | Christopher Fearon
May 05, 2020 | 4 min read | 3 ways to boost your security with role-based security compliance training | Black Duck Editorial Staff
Apr 27, 2020 | 15 min read | CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices | Black Duck Editorial Staff
Mar 31, 2020 | 3 min read | What is the Ghostcat vulnerability (CVE-2020-1938)? | Tanay Sethi
Mar 10, 2020 | 7 min read | Apache Struts research at scale, Part 2: Execution environments | Christopher Fearon
Feb 19, 2020 | 6 min read | Want to comply with privacy laws? Start with security | Taylor Armerding
Dec 10, 2019 | 7 min read | Cost of data breaches in 2019: The 4 worst hits on the corporate wallet | Taylor Armerding
Oct 24, 2019 | 11 min read | Apache Struts research at scale, Part 1: Building 115 versions of Struts | Christopher Fearon
Oct 09, 2019 | 8 min read | Best practices for secure application development | Taylor Armerding
Sep 26, 2019 | 2 min read | Coverity release ties in well to the latest MITRE CWE Top 25 | Black Duck Editorial Staff
Sep 10, 2019 | 7 min read | Awash in regulations, companies struggle with compliance | Taylor Armerding
Jul 30, 2019 | 7 min read | Apollo 11 software lessons still relevant today | Taylor Armerding
Jul 16, 2019 | 6 min read | Securing software development: NIST joins the parade | Taylor Armerding
Jun 10, 2019 | 8 min read | Ask the Experts: Should the US have a data privacy law similar to GDPR? | Black Duck Editorial Staff
Apr 18, 2019 | 2 min read | Are you making these software standards compliance mistakes? | Black Duck Editorial Staff
Nov 28, 2018 | 5 min read | Hard questions raised when a software ‘glitch’ takes down an airliner | Taylor Armerding
Nov 15, 2018 | 6 min read | WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities | Tuomo Untinen
Nov 14, 2018 | 1 min read | CyRC Vulnerability Advisory: CVE-2018-18907 authentication bypass vulnerability in D-Link DIR-850L wireless router | Cybersecurity Research Center
Nov 14, 2018 | 5 min read | Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table | Taylor Armerding
Jul 31, 2018 | 2 min read | LifeLock lesson—Third party security is your security | Tim Mackey
Apr 12, 2018 | 2 min read | Data breaches and more data breaches—oh my! | Tim Mackey
Mar 16, 2018 | 6 min read | Still just recommendations, not regulation, for IoT security | Taylor Armerding
Jan 18, 2018 | 6 min read | The Data Protection Directive versus the GDPR: Understanding key changes | Black Duck Editorial Staff
Jan 08, 2018 | 4 min read | What does GDPR enforcement mean for your business? | Stephen Gardner
Mar 26, 2017 | 4 min read | Does software quality equal software security? It depends | Black Duck Editorial Staff
Jan 31, 2017 | 3 min read | An overview of open standards for IoT communication protocols | Black Duck Editorial Staff
Nov 28, 2016 | 4 min read | 5 reasons to use third-party authentication instead of creating your own | Black Duck Editorial Staff
Sep 24, 2016 | 1 min read | AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices | Black Duck Editorial Staff
Sep 15, 2016 | 1 min read | Software testing included in final ISA / IEC 62443-4-1 | Black Duck Editorial Staff
May 28, 2014 | 3 min read | Standard versus proprietary security protocols | Chandu Ketkar