
Latest Posts

Defending against malicious packages in the npm ecosystem and beyond

Learn how to shield your organization from the danger of malicious packages in the npm ecosystem and beyond. Software packages are a popular means to distribute open source and third-party software. They are often pulled from an outside source through a package manager or installer program, and they typically include source code, libraries, documentation, and other files needed to build and run the software.

2023 OSSRA deep dive: High-risk vulnerabilities

The 2023 OSSRA report indicates that organizations are failing to patch high-risk vulnerabilities; our vulnerability deep-dive shows how to evaluate your own risk. According to the 2023 “Open Source Security and Risk Analysis” (OSSRA) report, 96% of commercial code contains open source material. In fact, 76% of the code that Black Duck® Audit Services scanned in 2022 was open source.

FDA: SBOMs requirement for connected medical devices

With FDA requirements mandating a cybersecurity bill of materials (CBOM) for medical devices, consider partnering with a trusted SBOM solution provider. In today’s world of Internet of Things (IoT), the possibility for connection is endless: cars, watches, light bulbs, HVAC, refrigerators—even humans and the devices monitoring and controlling their health can be connected.

Continuous scanning in your production environment is more important than ever

Whether external or internal-facing, your business undoubtedly runs on web applications… which makes continuous scanning your ally. Most likely, your business runs on web applications. Whether they’re external-facing corporate websites with customer portals and shopping carts, internal-facing SSO login pages, HR portals, or team sites, they run on web apps.

AppSec Decoded: Ease of use with Polaris

Learn how the Synopsys Polaris Software Integrity Platform® offers ease of use for even the most complex environments. The ongoing mantra of software developers is that they’re happy to include security in their development stream, but only if it doesn’t slow them down, because the pressure for speed in development trumps the pressure for security. So over the past decade, software security teams have focused enormous energy on achieving that speed, with automated tools and services.

Enhancing cloud security posture with an effective cloud governance framework

An effective approach to enhancing your cloud security posture entails creating an effective cloud governance framework. In today’s digital era, cloud computing has become a critical component of businesses worldwide. Organizations leverage the cloud’s scalability, flexibility, and cost-effectiveness to drive innovation and growth. However, these benefits come with myriad security challenges. Cyberthreats are evolving rapidly and data breaches are growing both in frequency and impact.