Software and Application Security Blog

[NEW] AI avalanche: Taming software risk with True Scale Application Security

By Jason Schmitt

[NEW] Six takeaways from the 2025 OSSRA report

By Fred Bals

[NEW] Forrester recognizes Black Duck as a Leader in SCA

By Mike McGuire

Software and Application Security Blog

Most recent

Q&A: What You Need to Know About Open Source Software Risk in 2025

By Fred Bals

May 22, 2025 / 5 min read

Tags: Threat & Risk Assessment, Awareness, AppSec Best Practices, Manage Security Risks

How to build reliability into developer workflows without slowing down

By Corey Hamilton

May 19, 2025 / 3 min read

Tags: Build Security into DevOps

A decade of open source risk: Reflecting on 10 years of OSSRA report insights

By Kevin Collins

May 16, 2025 / 3 min read

Tags:

How to secure AI-generated code with DevSecOps best practices

By Steven Zimmerman

May 08, 2025 / 3 min read

Tags: Artificial Intelligence, Build Security into DevOps, DevSecOps

AI avalanche: Taming software risk with True Scale Application Security

By Jason Schmitt

Apr 28, 2025 / 3 min read

Tags: Security News & Trends

The 2025 OSSRA report uncovers answers to common open source questions

By Fred Bals

Mar 12, 2025 / 4 min read

Tags: SCA, Secure the Software Supply Chain

Top open source licenses and legal risk for developers

By Fred Bals

Mar 05, 2025 / 8 min read

Tags: SCA, Secure the Software Supply Chain, OSS License Compliance

Six takeaways from the 2025 “Open Source Security and Risk Analysis” report

By Fred Bals

Feb 25, 2025 / 5 min read

Tags: SCA, Security News & Trends, Secure the Software Supply Chain

CyRC Vulnerability Advisory: LogicalDOC Security Audit

CyRC Advisory: Eight vulnerabilities discovered in LogicalDOC

By Matthew Hogg

Feb 05, 2025 / 5 min read

Tags: IAST, CyRC

Manage Security Risks

See all manage security risks posts

Q&A: What You Need to Know About Open Source Software Risk in 2025

By Fred Bals

May 22, 2025 / 5 min read

Tags: Threat & Risk Assessment, Awareness, AppSec Best Practices, Manage Security Risks

BSIMM15: New focus on securing AI and the software supply chain

By Black Duck Editorial Staff

Jan 14, 2025 / 5 min read

Tags: Program Strategy & Planning, Awareness, Manage Security Risks

A pragmatic guide to getting started with ASPM

By Rod Musser

Jul 09, 2024 / 3 min read

Tags: Manage Security Risks, Orchestration & Correlation

SSDF BSIMM mapping updated for BSIMM14

By Mike Lyman

Jun 18, 2024 / 8 min read

Tags: Program Strategy & Planning, Compliance, Manage Security Risks

Solving telecom network security challenges with Defensics

By Andy Pan

Apr 15, 2024 / 3 min read

Tags: Mobile, Manage Security Risks

Top 10 free pen tester tools

By Natalie Lightner

Apr 11, 2024 / 5 min read

Tags: Security News & Trends, Pen Testing, Web AppSec, Manage Security Risks

Team Collaborating on Security Risk Management

Managing risk at scale

By Charlotte Freeman

Apr 08, 2024 / 2 min read

Tags: Manage Security Risks

Man Drawing Application Security Diagram

SANS report: Securing the shifting landscape of application development

By Charlotte Freeman

Apr 03, 2024 / 2 min read

Tags: Manage Security Risks

Guide to updating from NIST CSF 1.1 to 2.0

By John Waller

Mar 29, 2024 / 7 min read

Tags: Cloud Security, Manage Security Risks

See all posts

Build Security into DevOps

See all build security into DevOps posts

How to build reliability into developer workflows without slowing down

By Corey Hamilton

May 19, 2025 / 3 min read

Tags: Build Security into DevOps

How to secure AI-generated code with DevSecOps best practices

By Steven Zimmerman

May 08, 2025 / 3 min read

Tags: Artificial Intelligence, Build Security into DevOps, DevSecOps

Security automation and integration can smooth AppSec friction

By Steven Zimmerman

Jan 23, 2025 / 6 min read

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

Overcome AST noise to find and fix software vulnerabilities

By Steven Zimmerman

Jan 06, 2025 / 6 min read

Tags: Agile, CI/CD, Build Security into DevOps, DevSecOps

AI widens gap between security and dev thumbnail

Artificial intelligence widens the gap between security and development

By Steven Zimmerman

Dec 01, 2024 / 7 min read

Tags: Artificial Intelligence, Build Security into DevOps, DevSecOps

Faster, better, stronger application security for developers in the IDE

By Steven Zimmerman

Oct 10, 2024 / 6 min read

Tags: SCA, Build Security into DevOps, SAST

Penetration Testing IoT Security Visualization

Why penetration testing needs to be part of your IoT security

By Debrup Ghosh

Jul 16, 2024 / 4 min read

Tags: Build Security into DevOps, Pen Testing

AI-Powered Polaris Assist Security Solution

Accelerate application code fixes with AI-powered Polaris Assist

By Corey Hamilton

Apr 29, 2024 / 3 min read

Tags: Artificial Intelligence, Security News & Trends, Build Security into DevOps

Understanding Python pickling and how to use it securely

By Ashutosh Agrawal

Apr 17, 2024 / 3 min read

Tags: Build Security into DevOps, Training

See all posts

Secure the Software Supply Chain

See all secure the software supply chain posts

The 2025 OSSRA report uncovers answers to common open source questions

By Fred Bals

Mar 12, 2025 / 4 min read

Tags: SCA, Secure the Software Supply Chain

Top open source licenses and legal risk for developers

By Fred Bals

Mar 05, 2025 / 8 min read

Tags: SCA, Secure the Software Supply Chain, OSS License Compliance

Six takeaways from the 2025 “Open Source Security and Risk Analysis” report

By Fred Bals

Feb 25, 2025 / 5 min read

Tags: SCA, Security News & Trends, Secure the Software Supply Chain

Understanding the DeepSeek model license: Balancing openness and responsibility

By Rich Kosinski

Feb 04, 2025 / 2 min read

Tags: SCA, M&A, Secure the Software Supply Chain, OSS License Compliance

Analyze AI-Generated Code with the Black Duck Snippet API

By Mike McGuire

Feb 03, 2025 / 4 min read

Tags: SCA, Secure the Software Supply Chain

Understanding generative AI risks in software development

By Phil Odence

Oct 24, 2024 / 3 min read

Tags: SCA, M&A, Secure the Software Supply Chain, OSS License Compliance

See all posts

Security News & Trends

See all security news & trends posts

AI avalanche: Taming software risk with True Scale Application Security

By Jason Schmitt

Apr 28, 2025 / 3 min read

Tags: Security News & Trends

Six takeaways from the 2025 “Open Source Security and Risk Analysis” report

By Fred Bals

Feb 25, 2025 / 5 min read

Tags: SCA, Security News & Trends, Secure the Software Supply Chain

Forrester recognizes Black Duck as a Leader in software composition analysis

By Mike McGuire

Nov 13, 2024 / 3 min read

Tags: SCA, Security News & Trends

Software Vulnerability Snapshot Report Thumbnail

Software Vulnerability Snapshot Report Findings

By Fred Bals

Nov 12, 2024 / 3 min read

Tags: DAST, Security News & Trends, Web AppSec

Global DevSecOps Background Thumbnail Alt

Key insights from Black Duck’s 2024 Global State of DevSecOps report

By Fred Bals

Oct 08, 2024 / 5 min read

Tags: Security News & Trends, DevSecOps

Black Duck takes flight

By Jason Schmitt

Oct 01, 2024 / 2 min read

Tags: Security News & Trends

A new identity for the Synopsys Software Integrity Group

By Jason Schmitt

Aug 12, 2024 / 2 min read

Tags: Security News & Trends

CyRC Vulnerability Advisory: CVE-2024-5184s prompt injection in EmailGPT service

By Mohammed Alshehri

Jun 04, 2024 / 1 min read

Tags: Security News & Trends, CyRC

CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

By Mohammed Alshehri

May 27, 2024 / 1 min read

Tags: Security News & Trends, CyRC

See all blog posts

[NEW] AI avalanche: Taming software risk with True Scale Application Security

[NEW] Six takeaways from the 2025 OSSRA report

[NEW] Forrester recognizes Black Duck as a Leader in SCA

Software and Application Security Blog

Most recent

Manage Security Risks

Build Security into DevOps

Secure the Software Supply Chain

Security News & Trends

Explore Topics

Application Security Blog