
Open Source

Find open source vulnerabilities in containers with Black Duck Binary Analysis | Synopsys

Discover how to identify open source components and vulnerabilities in software binaries, including container images, mobile apps, and embedded firmware, with Black Duck Binary Analysis.

Track and manage open source risks across your application portfolio with Black Duck SCA | Synopsys

Learn how your security teams can take a proactive approach to managing open-source risk using Black Duck. Join us as we explore the process of analyzing scan results, addressing new CVEs, and prioritizing remediation efforts.

Find secure, compliant, and high-quality OSS components with Black Duck SCA | Synopsys

In this video, we take you on a tour through Black Duck's SCA tool to show you how to find and select high-quality open-source components for your applications. Ready to save time and innovate with confidence? Visit synopsys.com/blackduck to learn more about obtaining visibility into component health and viability.

Build an SBOM in under 30 seconds with Black Duck SCA | Synopsys

In this video, we show you how easy it is to create an open source Software Bill of Materials (SBOM) using Black Duck. Join us as we demonstrate how to generate an SBOM in under 30 seconds, making it practical for enterprise teams to prioritize SBOM creation.

Priorities from the OpenSSF Secure Open Source Software Summit 2023

Snyk has been a long-time active participant in and sponsor of the Open Source Security Foundation (OpenSSF). We’re there because we believe in supporting its mission of securing the open source ecosystem. A recent summit meeting convened by the OpenSSF with the White House brought together various US Government departments for a chat about open source security.

From diligence to integration: How software audits inform post-close M&A strategies

Software due diligence is an all-important aspect of any merger and acquisition (M&A) transaction, and in the tech M&A world, a target’s software assets are a significant part of the valuation. This due diligence process should identify a target company’s open source license obligations, application security and code quality risks, and the organization, processes, and practices that compose the software development life cycle.

Securing the Software Supply Chain: Key Findings From the Mend Open Source Risk Report

Open source vulnerabilities are in permanent growth mode. A significant quarter-over-quarter increase in the number of malicious packages published to registries such as npm and RubyGems has shown the growing need to protect against this type of attack. At the same time, companies struggle to close the remediation gap on known vulnerable open source code. It's all in The Mend Open Source Risk Report, which details these and other significant risks posed by the ongoing rise in open source vulnerabilities and software supply chain attacks.

Navigating the Open Source Landscape: Finding Your First Contribution

🕵️‍♂️ Embarking on your journey and learning how to contribute to open source is an exciting step towards honing your programming skills, collaborating with experts, and giving back to the global developer community. However, the challenge often lies in finding the right project to kickstart your open-source journey.

Is Open Source Software Dead?

Open source software (OSS) has driven technological growth for decades due to its collaborative nature and ability to share information rapidly. However, major OSS security vulnerabilities like Log4Shell (in Log4j), Heartbleed, Shellshock and others have raised concerns about the security and sustainability of similar projects. At the same time, major open source-based companies have changed their OSS licenses, like MongoDB, Elastic (formerly Elasticsearch), Confluent, Redis Labs and most recently, HashiCorp.