Featured New Posts

Open Source Delivers

5 Briefings I’m Looking Forward to at Black Hat USA 2016

Black Hat USA 2016, the conference “built by and for the global InfoSec community,” takes place next week in (surprise) Las Vegas. Time to make your tinfoil hat, pick […]


Top 5 OpenStack Security Sessions for OpenStack Summit Barcelona

The OpenStack team just opened voting for their next OpenStack Summit event, held in Barcelona this fall. I’m hoping that OpenStack security will feature prominently in the final selections. Over […]


What’s the Physical Fitness of Culture at Your Company?

As with people, the health of an organization relies on many factors. When it comes to company culture, I see both the mental fitness (vision, mission and guiding principles) and physical fitness (amenities, events, […]


Using Containers in Production Environments

At the Open Source Open Standards event in London this month, an interesting question originated from my session on securing applications. (I’ve uploaded my deck to SlideShare for reference.) In this presentation I explored how to understand whether a […]


PassW0rd Podcast – Bob Canaway on Open Source and Open Source Security Audits

Black Duck’s CMO, Bob Canaway, was recently a guest on the PassW0rd radio programme, discussing open source and the results of Black Duck’s report on Open Source Security Audits with host Peter Warren, editor […]


Revisiting the OWASP Top 10 Application Security Risks 2013 Report

The comment period for the OWASP Top 10 2016 report closed July 20th, but I’m looking forward to the updated list of best practices in web operations. For those of you unfamiliar with […]


3 Risks of Relying on Manifest File Parsing Alone

A number of tools have appeared on the market that identify open source purely by parsing declarations and manifest files, such as POM files for Java or packages.config files for […]


As open source use accelerates globally, AppSec leaders address security gaps

Demand Increasing for Complete Application-Security Picture

Today we announced the integration of Black Duck Hub with HPE Security Fortify Software Security Center (SSC), complementing Fortify’s static, dynamic, and runtime application […]


Comprehensive Application Security with Black Duck Hub and HPE Fortify

We’re pleased to announce the integration of our Hub solution into HPE Security Fortify Software Security Center (SSC), which helps organizations measure and control their application security posture and provides visibility into […]


How Do You Manage Open Source Security of Third Party Apps?

Bake Visibility into the Binary Supply Chain

Most large companies use software from suppliers, which they in turn embed into their devices. This flow of software may be called the Software Supply Chain; […]
