February 2023

Securing the Software Supply Chain: Key Findings from the Mend Open Source Risk Report

Threat actors will always target the things most important to businesses, and today, that means applications, the lifeblood of the global economy. As the recent Mend Open Source Risk Report reveals, the ongoing rise in open source vulnerabilities and software supply chain attacks presents significant business risk. The number of open source vulnerabilities is growing, just as threat actors are launching increasingly sophisticated attacks.

Open Source License Management Tools: Features and Best Practices

Effectively managing the many open source licenses used in enterprise software is a complex task that requires a thorough evaluation of key features in software license management tools. After that, you need to implement the technology using several best practices. In this blog post, let’s take a brief look at both.

Don't be the weakest link

Open source provides a shortcut to functionality developed by others. But with exponential growth in the use of open source, there is a very real risk of businesses failing to keep track of components, their dependencies and licenses. It's more important than ever to stay in control of the code your applications depend on, and with typically hundreds of dependencies, this is not a small task. Avoid being the weakest link: understand the risks associated with your software supply chain and how to control them!

Navigating software due diligence with a Black Duck Audit

A Black Duck Audit provides a complete picture of the software risks in your acquisition target’s software or your own. Deciding on the best approach to managing software due diligence can be a significant challenge for organizations. Frequent acquirers have a playbook, but every transaction is different, and approaches must evolve as the market changes.

Open Source License Management Tools: Challenges, Opportunities, and What to Look Out For

More and more companies are using more and more open source. The stats I’ve seen say seventy to seventy-five percent of all applications use open source or have some type of open source associated with them. I think that number is actually higher. Of all the companies that I’ve worked for, just about every single application has some type of open source associated with it.