Featured New Posts

Open Source Delivers

Open Source is the New Development Methodology

A couple of months ago I wrote that open source has become the way we write software today and the implications that dynamic has on the world of security. This new […]





Three Effective Ways to Make Application Security Testing a Successful Part of Your DevOps Program

I co-authored this post about empowering application security with Constantine Grancharov, Product Manager, Application Security Solutions at IBM. From the latest agile development tools to innovative delivery platforms such as containers, […]





Black Duck’s Open Hub in 2016

What's going on with Open Hub in 2016

Hail Hubbites! There has been a lot of activity behind the scenes at Open Hub Central with a steady stream of improvements rolling into production. We’d like to brag talk about them […]





Questions and Answers from the Future of Open Source Webinar

Questions and Answers Future of Open Source

A few weeks ago we revealed the results of the 2016 Future of Open Source survey, which we ran with North Bridge. We had such a great discussion about our findings […]





Myths of Open Source Management: Application Security

It’s been a little over a month since the Panama Papers leak splashed across news headlines, not only titillating readers of the tabloid press and bringing down heads of state, […]





How Do You Hire an Open Source Software Developer?

We recently added a chat feature on our website, which has led to some pretty interesting questions. I decided to share this one about hiring an open source software developer […]





What’s Missing in PCI and Vulnerability Assessments?

Vulnerability Assessments in PCI - What's Missing

Recently I hosted a webinar about the regulatory landscape for vulnerability assessments in systems that manage or store sensitive data. Over time, we’ve seen more and more regulatory scrutiny coming […]





65% of Companies are Contributing to Open Source Projects

65% of companies are contributing to open source projects

This year marks the 10th annual Future of Open Source Survey to examine trends in open source, hosted by Black Duck and North Bridge. The big takeaway from the survey this year centers around the mainstream […]





Are SaaS Companies Immune to Open Source Risk?

SaaS Companies using Open Source - What should they be aware of?

The brief answer to the question in my title is “no.” While there’s a grain of truth with respect to the use of the GPL licensed components, SaaS companies are […]





What We Can Learn from Automotive Recalls

People in the software industry tend to think of themselves as pretty sophisticated from a technical perspective. We have plenty of “smart” devices (and know how to use them), are […]




