All the latest blog posts from the most relevant cyber security companies in the business.
Remember group projects in school? Teachers love them because they have less grading to do; in a class of 25 students, they might only need to look at 5 projects. For team members, team projects can be difficult, usually when individual motivation levels don’t match up. On the other hand, team projects can be rewarding…
Black Duck has always recognized the importance of prioritizing open source security tasks by providing several key data points to help customers focus on what’s most critical. After all, with over 40 new software vulnerabilities being uncovered every day, it’s easy to become overwhelmed. In addition to offering detailed descriptions, expanded severity scoring, exploit information,…
The idea that the U.S. federal government could play a dominant and effective role in protecting the nation from malicious cyberattacks on everything from Internet of Things (IoT) devices to critical infrastructure to election voting systems might strike some people as absurd. Its catastrophic security failures are well known. The Office of Personnel Management (OPM)…
Randy Kilmon, VP of Engineering at Black Duck Software, takes a look back at the enhancements and improvements we’ve made to Black Duck Hub over the last 365 days based on the feedback we’ve gotten from our customers. One of my favorite improvements we did this year was Hub Detect. It made it a lot…
Picture this: you’re driving your newly purchased, fully equipped, top-of-the-line automobile. You’ve just filled your tank, thanks to the crowdsourcing app GasBuddy, and you’re about to begin the commute to work. But first—coffee. Thanks to SYNC3, Ford’s latest infotainment system, you easily order by stating “Alexa, ask Starbucks to start my order.” Your…
Successful projects are managed well. In order to manage a project efficiently, the manager or dev team must choose which software development method works best for the project at hand. All of the numerous software development methodologies that exist are used for different reasons. I’ve been doing some research to understand why different methodologies exist,…
Security testing tools can help organizations build better software by identifying vulnerabilities early in the SDLC. For security professionals and developers, however, the hard work begins when the testing is complete. Once you have a list of vulnerabilities across multiple applications, what’s your next step in vulnerability management and triage? And how do you ensure…
Almost every security lead I speak to would love to have more security resources. Whether it’s people to conduct threat modeling, manual code reviews, or simply someone who can scrub the false positives from the blizzard of information they receive each day, everyone seems to be in need of an extra hand. While more people…