Open source software audits can identify undetected issues in your codebase. Learn how our audit services can help you understand the risks during an M&A. Most of our clients understand that an open source software audit differs from an automated scan. An audit involves expert consultants analyzing a proprietary codebase using a combination of Black Duck® commercial tools and tools we’ve developed and use internally.

Today, we published the open source edition of our annual State of Software Security report. Solely focused on the security of open source libraries, the report includes analysis of 13 million scans of more than 86,000 repositories, containing more than 301,000 unique libraries. In last year’s open source edition report, we looked at a snapshot of open source library use and security.

When your customers want help, ticketing systems provide the first line of communication between your company and your customers. Solving a problem or resolving an issue for your customers often requires collecting a lot of information and context throughout the support interaction. Especially today, these interactions can be captured through a myriad of channels including but not limited to messaging apps, SMS, social media, help centers, forums, bots, video conferencing, and more.

The vast majority of today’s applications are made up of open source components. The 2021 “Open Source Security and Risk Analysis” (OSSRA) report, conducted by the Synopsys Cybersecurity Research Center (CyRC), found that 75% of the 1,500+ codebases analyzed were composed of open source. Understanding what’s in your codebase is essential, and for M&A transactions it’s one of the key drivers for performing software due diligence.

Many people will have heard of the SPDX project through the work on the SPDX License List. This list of canonical identifiers for various software licenses is used in a huge range of developer-focused software, from Snyk to GitHub. But the SPDX project, which is part of the Linux Foundation, has a much broader focus on providing an open standard for communicating software bill of material information.

In a world that is constantly evaluating costs, it is little wonder that there is an increasing demand for cost-effective solutions to business problems. In the real world, this means ‘free,’ and in the digital marketplace, it means ‘open source.’

Today, we are proud to announce the expansion of the partnership between Synopsys and the OpenChain project to include third-party certification. The OpenChain Project already recognizes the open source expertise of Synopsys in both the service provider and vendor space. This latest recognition ensures that Synopsys participates in and continuously aligns to the OpenChain Project and ISO/IEC 5230 compliance specification.