Featured New Posts

Open Source Delivers

Custom and Open-Source Code: A New Approach to Application Security Management

IBM and Black Duck announce Hub integration with AppScan for application security

I co-authored this post with Constantine Grancharov, Product Manager, Application Security Solutions at IBM. Software applications access many of the most important assets organizations manage, such as intellectual property, strategic […]

“Enough Eyeballs” Isn’t Enough for the Security of Open Source Code

Companies need to take steps to control the security of open source code

How can you harness the benefits of open source software without jeopardizing the security of an entire application? The need for secure code has never been greater, but the software […]

Why Talk About Open Source Software Management?

Lawyers need to have a meaningful open source management policy

As General Counsel at Black Duck, I have the unique opportunity to speak with a large number of lawyers about open source software management and reuse. Over the years, these conversations […]

Shipping Our Own Product in a Docker Container

Using a container to ship our own product was an eye opening experience

Our Product Development team received requirements late last year that represented a new (but not totally unexpected) deployment scenario that needed to be supported in order for us to penetrate […]

Partnering to Enable Secure Container Adoption

Partnering to distribute secure containers

For those who know me, you will appreciate that I have a little experience in the virtualization world. For 15 years, I bet my career on it. However, at the […]

Medical Devices and the recognition of ephemeral security

FDA announces new cybersecurity recommendations for medical device requirements

Last week, the FDA announced new cybersecurity recommendations for manufacturers of medical devices, including a requirement to “monitor, identify and address cybersecurity vulnerabilities and exploits as part of their post-market […]

Top 10 open source legal developments in 2015

Mark Radcliffe shared his top 10 legal developments in open source for 2015

In 2015 there were a variety of legal issues of importance to the FOSS (free and open source) community. Continuing the tradition of looking back over the top ten legal developments in […]

Another Security Report, Another Argument for Knowing Your Code

Security breaches occur even when vulnerabilities have been identified

BMC and Forbes Insight released a report early last week on issues related to security and operations. Here is the statistic that garnered some headlines. “44% of senior executives say […]

Black Duck Hub Now Scans and Monitors Containers

Scan and monitor containers with the Black Duck Hub

When we saw the incredible excitement and growth of the Docker project back in 2013, it was an easy top pick for our 2013 Black Duck Rookie of the Year. […]

What Security Testing Tools Miss

Static and/or dynamic testing tools are valuable, but they don't find vulnerabilities in open source.

A common question we get when talking with prospective customers goes something along the lines of: “I’m using static and/or dynamic analysis tools already. Don’t they find vulnerabilities in open […]