close search bar

Sorry, not available in this language yet

close language selection
  • English
  • 日本語

[NEW] Six takeaways from the 2025 OSSRA report

By Fred Bals

Read more

[NEW] Forrester recognizes Black Duck as a Leader in SCA

By Mike McGuire

Read more

[NEW] Software Vulnerability Snapshot Report Findings

By Fred Bals

Read more
Software Vulnerability Snapshot Report Thumbnail

Software and Application Security Blog

Most recent

Black Duck Logo on Dark Background

The 2025 OSSRA report uncovers answers to common open source questions

Fred Bals
By Fred Bals

Mar 12, 2025 / 4 min read

Tags: SCA, Secure the Software Supply Chain
Open Source Licensing and Legal Risks

Top open source licenses and legal risk for developers

Fred Bals
By Fred Bals

Mar 05, 2025 / 8 min read

Tags: SCA, Secure the Software Supply Chain, OSS License Compliance
OSSRA 2025 thumbnail

Six takeaways from the 2025 “Open Source Security and Risk Analysis” report

Fred Bals
By Fred Bals

Feb 25, 2025 / 5 min read

Tags: SCA, Security News & Trends, Secure the Software Supply Chain
CyRC Vulnerability Advisory: LogicalDOC Security Audit

CyRC Advisory: Eight vulnerabilities discovered in LogicalDOC

Matthew Hogg
By Matthew Hogg

Feb 05, 2025 / 5 min read

Tags: IAST, CyRC
Black Duck Logo on Dark Background

Understanding the DeepSeek model license: Balancing openness and responsibility

Rich Kosinski
By Rich Kosinski

Feb 04, 2025 / 2 min read

Tags: SCA, M&A, Secure the Software Supply Chain, OSS License Compliance
Black Duck Logo on Dark Background

Analyze AI-Generated Code with the Black Duck Snippet API

Mike McGuire
By Mike McGuire

Feb 03, 2025 / 4 min read

Tags: SCA, Secure the Software Supply Chain
security automation and integration

Security automation and integration can smooth AppSec friction

Steven Zimmerman
By Steven Zimmerman

Jan 23, 2025 / 6 min read

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps
BSIMM15 Report Thumbnail

BSIMM15: New focus on securing AI and the software supply chain

Black Duck Editorial Staff
By Black Duck Editorial Staff

Jan 14, 2025 / 5 min read

Tags: Program Strategy & Planning, Awareness, Manage Security Risks
Vulnerability Background Thumbnail

Overcome AST noise to find and fix software vulnerabilities

Steven Zimmerman
By Steven Zimmerman

Jan 06, 2025 / 6 min read

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Manage Security Risks

See all manage security risks posts

BSIMM15 Report Thumbnail

BSIMM15: New focus on securing AI and the software supply chain

Black Duck Editorial Staff
By Black Duck Editorial Staff

Jan 14, 2025 / 5 min read

Tags: Program Strategy & Planning, Awareness, Manage Security Risks
Black Duck Logo on Dark Background

A pragmatic guide to getting started with ASPM

Rod Musser
By Rod Musser

Jul 09, 2024 / 3 min read

Tags: Manage Security Risks, Orchestration & Correlation
Black Duck Logo on Dark Background

SSDF BSIMM mapping updated for BSIMM14

Mike Lyman
By Mike Lyman

Jun 18, 2024 / 8 min read

Tags: Program Strategy & Planning, Compliance, Manage Security Risks
Black Duck Logo on Dark Background

Solving telecom network security challenges with Defensics

AP
By Andy Pan

Apr 15, 2024 / 3 min read

Tags: Mobile, Manage Security Risks
Top 10 Free Penetration Testing Tools

Top 10 free pen tester tools

Natalie Lightner
By Natalie Lightner

Apr 11, 2024 / 5 min read

Tags: Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks
Team Collaborating on Security Risk Management

Managing risk at scale

Charlotte Freeman
By Charlotte Freeman

Apr 08, 2024 / 2 min read

Tags: Manage Security Risks
Man Drawing Application Security Diagram

SANS report: Securing the shifting landscape of application development

Charlotte Freeman
By Charlotte Freeman

Apr 03, 2024 / 2 min read

Tags: Manage Security Risks
NIST CSF Update Data Visualization

Guide to updating from NIST CSF 1.1 to 2.0

John Waller
By John Waller

Mar 29, 2024 / 7 min read

Tags: Cloud Security, Manage Security Risks
Vulnerability Remediation Options Signpost

4 approaches to vulnerability remediation

Natalie Lightner
By Natalie Lightner

Mar 27, 2024 / 4 min read

Tags: SCA, Build Security into DevOps, Training, Manage Security Risks

See all posts

Build Security into DevOps

See all build security into DevOps posts

security automation and integration

Security automation and integration can smooth AppSec friction

Steven Zimmerman
By Steven Zimmerman

Jan 23, 2025 / 6 min read

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps
Vulnerability Background Thumbnail

Overcome AST noise to find and fix software vulnerabilities

Steven Zimmerman
By Steven Zimmerman

Jan 06, 2025 / 6 min read

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps
AI widens gap between security and dev thumbnail

Artificial intelligence widens the gap between security and development

Steven Zimmerman
By Steven Zimmerman

Dec 01, 2024 / 7 min read

Tags: Artificial Intelligence, Build Security into DevOps, DevSecOps
Faster, better, stronger AppSec for developers in the IDE

Faster, better, stronger application security for developers in the IDE

Steven Zimmerman
By Steven Zimmerman

Oct 10, 2024 / 6 min read

Tags: SCA, Build Security into DevOps, SAST
Penetration Testing IoT Security Visualization

Why penetration testing needs to be part of your IoT security

Debrup Ghosh
By Debrup Ghosh

Jul 16, 2024 / 4 min read

Tags: Build Security into DevOps, Pen Testing
AI-Powered Polaris Assist Security Solution

Accelerate application code fixes with AI-powered Polaris Assist

Corey Hamilton
By Corey Hamilton

Apr 29, 2024 / 3 min read

Tags: Artificial Intelligence, Security News & Trends, Build Security into DevOps
Black Duck Logo on Dark Background

Understanding Python pickling and how to use it securely

Ashutosh Agrawal
By Ashutosh Agrawal

Apr 17, 2024 / 3 min read

Tags: Build Security into DevOps, Training
Sunset Over Flowing Waterfall Dam

How to detect, prevent, and mitigate buffer overflow attacks

Natalie Lightner
By Natalie Lightner

Mar 31, 2024 / 8 min read

Tags: Build Security into DevOps, SAST
Vulnerability Remediation Options Signpost

4 approaches to vulnerability remediation

Natalie Lightner
By Natalie Lightner

Mar 27, 2024 / 4 min read

Tags: SCA, Build Security into DevOps, Training, Manage Security Risks

See all posts

Secure the Software Supply Chain

See all secure the software supply chain posts

Black Duck Logo on Dark Background

The 2025 OSSRA report uncovers answers to common open source questions

Fred Bals
By Fred Bals

Mar 12, 2025 / 4 min read

Tags: SCA, Secure the Software Supply Chain
Open Source Licensing and Legal Risks

Top open source licenses and legal risk for developers

Fred Bals
By Fred Bals

Mar 05, 2025 / 8 min read

Tags: SCA, Secure the Software Supply Chain, OSS License Compliance
OSSRA 2025 thumbnail

Six takeaways from the 2025 “Open Source Security and Risk Analysis” report

Fred Bals
By Fred Bals

Feb 25, 2025 / 5 min read

Tags: SCA, Security News & Trends, Secure the Software Supply Chain
Black Duck Logo on Dark Background

Understanding the DeepSeek model license: Balancing openness and responsibility

Rich Kosinski
By Rich Kosinski

Feb 04, 2025 / 2 min read

Tags: SCA, M&A, Secure the Software Supply Chain, OSS License Compliance
Black Duck Logo on Dark Background

Analyze AI-Generated Code with the Black Duck Snippet API

Mike McGuire
By Mike McGuire

Feb 03, 2025 / 4 min read

Tags: SCA, Secure the Software Supply Chain
Generative AI risks in software development

Understanding generative AI risks in software development

Phil Odence
By Phil Odence

Oct 24, 2024 / 3 min read

Tags: SCA, M&A, Secure the Software Supply Chain, OSS License Compliance

See all posts

Security News & Trends

See all security news & trends posts

OSSRA 2025 thumbnail

Six takeaways from the 2025 “Open Source Security and Risk Analysis” report

Fred Bals
By Fred Bals

Feb 25, 2025 / 5 min read

Tags: SCA, Security News & Trends, Secure the Software Supply Chain
Black Duck Logo on Dark Background

Forrester recognizes Black Duck as a Leader in software composition analysis

Mike McGuire
By Mike McGuire

Nov 13, 2024 / 3 min read

Tags: SCA, Security News & Trends
Software Vulnerability Snapshot Report Thumbnail

Software Vulnerability Snapshot Report Findings

Fred Bals
By Fred Bals

Nov 12, 2024 / 3 min read

Tags: DAST, Security News & Trends, Web AppSec
Global DevSecOps Background Thumbnail Alt

Key insights from Black Duck’s 2024 Global State of DevSecOps report

Fred Bals
By Fred Bals

Oct 08, 2024 / 5 min read

Tags: Security News & Trends, DevSecOps
Black Duck Logo On Black Background

Black Duck takes flight

Jason Schmitt
By Jason Schmitt

Oct 01, 2024 / 2 min read

Tags: Security News & Trends
Black Duck Logo on Dark Background

A new identity for the Synopsys Software Integrity Group

Jason Schmitt
By Jason Schmitt

Aug 12, 2024 / 2 min read

Tags: Security News & Trends
CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT Service

CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service

Mohammed Alshehri
By Mohammed Alshehri

Jun 04, 2024 / 1 min read

Tags: Security News & Trends, CyRC
CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

Mohammed Alshehri
By Mohammed Alshehri

May 27, 2024 / 1 min read

Tags: Security News & Trends, CyRC
Black Duck Logo on Dark Background

Clearlake Capital Group and Francisco Partners reach agreement to purchase the Software Integrity Group

Jason Schmitt
By Jason Schmitt

May 08, 2024 / 1 min read

Tags: Security News & Trends

See all blog posts

Explore Topics

Agile, CI/CD
AppSec Best Practices
Artificial Intelligence
Automotive
Build Security into DevOps
Cloud Security
Compliance
Container Security
CyRC
DevSecOps
DAST
Financial Services
Fuzzing
Healthcare
IAST
Internet of Things
M&A
Manage Security Risks
Medical Devices
Mobile
Orchestration & Correlation
OSS License Compliance
Pen Testing
Program Strategy & Planning
Public Sector
SAST
SCA
Secure the Software Supply Chain
Security News & Trends
Threat Modeling
Threat & Risk Assessment
Training
Web Application Security
©2025 Black Duck Software, Inc. All Rights Reserved