Open Source

veracode

Key Takeaways for Developers From SOSS v11: Open Source Edition

Our latest State of Software Security: Open Source Edition report just dropped, and developers will want to take note of the findings. After studying 13 million scans of over 86,000 repositories, the report sheds light on the state of security around open source libraries – and what you can do to improve it. The key takeaway? Open source libraries are a part of pretty much all software today, enabling developers to work faster and smarter, but they’re not static.

synopsys

Reduce open source software risks in your supply chain

Knowing what’s in your open source software, whether you’re a consumer or producer, can help you manage security risks in your supply chain Modern open source software (OSS) is a movement that started in the eighties as a reaction to commercial software becoming more closed and protected. It allowed academics, researchers, and hobbyists to access source code that they could reuse, modify, and distribute openly.

synopsys

How an open source software audit works

Open source software audits can identify undetected issues in your codebase. Learn how our audit services can help you understand the risks during an M&A. Most of our clients understand that an open source software audit differs from an automated scan. An audit involves expert consultants analyzing a proprietary codebase using a combination of Black Duck® commercial tools and tools we’ve developed and use internally.

Glaring Gap in Open Source Security: Veracode Finds 80 percent of Libraries Used in Software Are Never Updated

Despite inherent risks of open source code, good software security posture still lacking. 69 percent of fixes are minor and won't break functionality of even the most complex software applications.
veracode

Announcing State of Software Security v11: Open Source Edition

Today, we published the open source edition of our annual State of Software Security report. Solely focused on the security of open source libraries, the report includes analysis of 13 million scans of more than 86,000 repositories, containing more than 301,000 unique libraries. In last year’s open source edition report, we looked at a snapshot of open source library use and security.

nightfall

Open source data loss prevention for helpdesk ticketing systems

When your customers want help, ticketing systems provide the first line of communication between your company and your customers. Solving a problem or resolving an issue for your customers often requires collecting a lot of information and context throughout the support interaction. Especially today, these interactions can be captured through a myriad of channels including but not limited to messaging apps, SMS, social media, help centers, forums, bots, video conferencing, and more.

synopsys

Reduce open source risk in M&A with software due diligence

The vast majority of today’s applications are made up of open source components. The 2021 “Open Source Security and Risk Analysis” (OSSRA) report, conducted by the Synopsys Cybersecurity Research Center (CyRC), found that 75% of the 1,500+ codebases analyzed were composed of open source. Understanding what’s in your codebase is essential, and for M&A transactions it’s one of the key drivers for performing software due diligence.

Snyk

Advancing SBOM standards: Snyk and SPDX

Many people will have heard of the SPDX project through the work on the SPDX License List. This list of canonical identifiers for various software licenses is used in a huge range of developer-focused software, from Snyk to GitHub. But the SPDX project, which is part of the Linux Foundation, has a much broader focus on providing an open standard for communicating software bill of material information.

Reduce open source risk in M&A with software due diligence | Synopsys

Understanding what’s in your codebase is essential, and for M&A transactions it’s one of the key drivers for performing software due diligence. Identifying open source risks, security flaws, and code quality issues ensures there are no surprises for acquirers, and earlier detection protects the value of a deal.