
October 2023

Secure cloud-native apps and APIs at the speed your business demands

The cloud-native development model entered the mainstream in recent years, with technologies such as microservices and serverless computing, containers, APIs, and infrastructure-as-code (IaC) at the forefront of this trend. Thanks to these emerging technologies, organizations can build and run their apps fast, in a distributed manner, and without reliance on physical hardware infrastructures.

The benefits of business logic assessments

The digital realm is an ever-expanding universe, and web applications serve as the gateway to valuable customer data, sensitive information, and financial transactions. Threat actors and cybercriminals are constantly devising new techniques to exploit vulnerabilities within these applications. Further, data privacy is a paramount concern, and organizations are entrusted with safeguarding information.

The hidden business risks of technical debt in mergers and acquisitions

In the fast-paced world of technology business, mergers and acquisitions (M&As) have become commonplace. Companies often seek growth, innovation, and market expansion through these strategic moves. However, amidst the excitement of potential synergies and increased market share, there is a lurking danger that can significantly impact the success of an M&A deal: technical debt.

How to respond to the curl and libcurl vulnerabilities

As referenced in our previous post, the software development world has been bracing for additional details regarding two vulnerabilities associated with cURL, one of which was assessed as critical by the maintainer and original creator of the project. The wait ended this morning, as a fixed version was released and details about the vulnerabilities were provided.

Deep Dive: 2023 Global State of DevSecOps Report

Aimed at examining the strategies, tools, and practices impacting software security, the just-released “Global State of DevSecOps 2023” report from Synopsys is based on a survey conducted by Censuswide, polling more than 1,000 IT professionals across the world. The following is a deep dive into key report findings.

Preparing for critical libcurl and curl vulnerabilities (CVE-2023-38545)

The maintainer and original author of curl, Daniel Stenberg, has taken to X (formerly Twitter) and LinkedIn to sound the alarm on what he refers to as “probably the worst security problem found in curl in a long time.” According to project maintainers, the fixed version, 8.4.0, is set to be released on Wednesday, October 11.

Find open source vulnerabilities in containers with Black Duck Binary Analysis | Synopsys

Discover how to identify open source components and vulnerabilities in various software binaries, including container images, mobile apps, and embedded software, with Black Duck Binary Analysis.

Track and manage open source risks across your application portfolio with Black Duck SCA | Synopsys

Learn how your security teams can take a proactive approach to managing open source risk using Black Duck. Join us as we explore the process of analyzing scan results, addressing new CVEs, and prioritizing remediation efforts.

Find secure, compliant, and high-quality OSS components with Black Duck SCA | Synopsys

In this video, we take you on a tour through Black Duck’s SCA tool to show you how you can find and select the highest-quality open source components for your applications. Ready to save time and innovate with confidence? Visit synopsys.com/blackduck to learn more about obtaining visibility into component health and viability.

Build an SBOM in under 30 seconds with Black Duck SCA | Synopsys

In this video, we show you how easy it is to create an open source Software Bill of Materials (SBOM) using Black Duck. Join us as we demonstrate how to effortlessly generate an SBOM in under 30 seconds, empowering enterprise teams to prioritize SBOM creation.

XML external entity injection vulnerability in OpenNMS

OpenNMS is a Java language open source network monitoring platform. The OpenNMS platform monitors some of the largest networks in the Fortune 500, covering the healthcare, technology, energy, finance, government, education, retail, and industrial sectors, many with tens of thousands of networked devices.