Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2022

Introducing IaC Security from Black Duck

Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.

Addressing cybersecurity challenges in open source software with the Linux Foundation

Snyk recently partnered with the Linux Foundation to produce a report focusing on the state of security in the open source software (OSS) space. The report was based on 550+ survey responses and 15 interviews with OSS maintenance and cybersecurity experts. Following the report’s publication, experts from Snyk held a webinar with the Linux Foundation to discuss some of the key insights.

Be enterprise-ready: Three reasons not to build enterprise features!

If you are thinking about building features to be enterprise-ready, there are typically two paths that brought you here: Either way, you need to be aware that selling to enterprises is super exciting, especially if you like to play golf and you are ok with a long sales cycle - it could easily take you up to three years to close a deal. Enterprises can be scared to give startups a chance and startups often lose out to more established businesses.

Top open source licenses and legal risk for developers

Learn about the top open source licenses used by developers, including the 20 most popular open source licenses, and their legal risk categories. If you’re a software developer, you probably use open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges?

The M&A Open Source Risk Number

Find out what our audit services team unearthed in the 2,400+ codebases we reviewed in 2021. Spoiler alert: In 2021, audits found open source in 100% of our customer engagements. Regular readers know that Synopsys recently published the seventh edition of the “Open Source Security and Risk Assessment” (OSSRA) report. We think it provides the best information available about usage of open source in the wild, and the frequency of open source risks.

AppSec Decoded: Get the most out of your open source software | Synopsys

Watch our latest edition of AppSec Decoded as Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys Software Integrity Group, discuss the value of Black Duck® by Synopsys audit services in the M&A world, and ways to reap the benefits of your open source software without falling victim to the risks.

Snyk Live : Legal Side of Open Source Use with Yos Pang

Open source use has spread rapidly throughout the world. With many governments, businesses and consumers utilising open source libraries and platforms on a daily basis. As the adoption of open source has increased there are many legal aspects to consider including licensing, compliance and more. This special episode of Snyk Live we are joined by Snyk Head of APJ Legal, Yos Pang. Yos is an international, commercial technology lawyer, with a strong background in intellectual property and a particular interest in open source and open content issues.