Featured New Posts

Open Source Delivers

Linux Celebrates the Big 25, Microsoft Sends a Present, and Open Source Security News

The last full week of August closes out with the NVD CVE count now at 349 (46 added this week). The dog days of Summer meant a slow news week, […]

Bulgaria follows USA in supporting open source

Bulgarian government follows USA in supporting open source

Last March, the White House released a draft policy for requiring federal agencies to share software, with the possibility of requiring federally-funded code to be released as open source. Last month, […]

Cigital and Black Duck Join Forces to Secure Enterprise Software

The growing use of open source is yet another facet of the ongoing evolution of software development. Cigital has a long history of evolving to keep step with the fast-paced […]

My Summer Learning to be a DUCK

My Summer Learning to be a DUCK at Black Duck Software

One of the first things that everyone learns during their onboarding at Black Duck is that the company strives to emanate the qualities of the duck. I don’t mean that […]

Open Source Security Podcasts, Containers and Android Vulnerabilities

NVD only added a few CVEs over the last week (bringing the count to 303 vulnerabilities so far this month). Lots of podcasts recorded earlier this summer are (finally) available to listen to. Check them out! Container […]

LinuxCon in Toronto: Increasing DataCenter Security

LinuxCon Toronto: Increasing DataCenter Security with Hypervisor and Container Technologies

Managing datacenter operations can be quite the challenge. Not only do you need to deal with issues relating to physical infrastructure (which “software defined everything” makes abstract) and customers who […]

Why You Need to Pay Attention to OSS Compliance & Enforcement

I have the opportunity to speak with people routinely about their organization’s open source use, in OSS compliance and security. And whether with prospective customers, with lawyers, audience members at my speaking […]

How to Enhance Your IT Due Diligence Approach

How to Round Out Your IT Due Diligence Approach

I recently read the 2016 Edition of the IT Due Diligence Guide by Jim Hoffman. It’s a valuable reference for anyone involved in mergers and acquisitions. Certainly, an acquirer who […]

A Myriad of NVD Vulnerability Reports and White House Goes Big on Open Source

NVD Vulnerability Reports: It’s only the 12th of August, yet NVD has already listed 296 vulnerabilities for the month! Is one of them in your code? Use the free Black […]

Application Criticality: Knowing Your Adversary’s Goals

We all worry about the adversary who is out to get us. It might be a criminal enterprise after credit card data, a competitor who wants our IP, or a nation […]
