Featured New Posts


Containers in Production

Using Containers in Production Environments

At the Open Source Open Standards event in London this month, an interesting question originated from my session on securing applications. (I’ve uploaded my deck to SlideShare for reference.) In this presentation I explored how to understand whether a […]


PassW0rd Podcast – Bob Canaway on Open Source and Open Source Security Audits


Black Duck’s CMO, Bob Canaway was recently a guest on the PassW0rd radio programme, discussing open source and the results of Black Duck’s report on Open Source Security Audits with host Peter Warren, editor […]


Revisiting the OWASP Top 10 Application Security Risks 2013 Report

OWASP Top 10

Your chance to contribute to the OWASP Top 10 2016 report expires July 20th. Don’t miss this rare opportunity to influence best practices in web operations. For those of you unfamiliar […]


3 Risks of Relying on Manifest File Parsing Alone

3 Risks of Relying on Parsing Manifest Files

A number of tools have appeared on the market that identify open source purely by parsing declarations and manifest files, such as POM files for Java or packages.config files for […]


As open source use accelerates globally, AppSec leaders address security gaps

Application Security leaders address security gaps in open source

Demand Increasing for Complete Application-Security Picture

Today we announced the integration of Black Duck Hub with HPE Security Fortify Software Security Center (SSC), complementing Fortify’s static, dynamic, and runtime application […]


Comprehensive Application Security with Black Duck Hub and HPE Fortify


We’re pleased to announce the integration of our Hub solution into HPE Security Fortify Software Security Center (SSC), which helps organizations measure and control their application security posture and provides visibility into […]


How Do You Manage Open Source Security of Third Party Apps?


Bake Visibility into the Binary Supply Chain

Most large companies use software from suppliers, which they in turn embed into their devices. This flow of software may be called the Software Supply Chain; […]


Containers, Security & Weddings at Red Hat Summit


What do Containers, DevOps, Security and a Wedding have in common? They all made news at the 2016 Red Hat Summit in San Francisco. This was one of the most interesting technology conferences I’ve participated in. I realize that “interesting […]


More Progress on Container Security

Red Hat Integration: Container Security

Red Hat & Black Duck

This week Red Hat and Black Duck announced a new security-scanning capability for Red Hat Atomic Host, which is the second step in a collaborative project to […]


Celebrating Free(not as in beer)dom


In the United States we’re enjoying our hot dogs, beers and fireworks over this weekend, but take a moment to think about open source software. Admittedly in my case doing so […]
