From this Author

May 22, 2025/5 min read

Q&A: What You Need to Know About Open Source Software Risk in 2025

By Fred Bals

Tags: Threat & Risk Assessment , AppSec Best Practices , Manage Security Risks

Mar 12, 2025/4 min read

The 2025 OSSRA report uncovers answers to common open source questions

By Fred Bals

Tags: SCA , Secure the Software Supply Chain

Mar 05, 2025/8 min read

Top open source licenses and legal risk for developers

By Fred Bals

Tags: SCA , Secure the Software Supply Chain , OSS License Compliance

Feb 25, 2025/5 min read

Six takeaways from the 2025 “Open Source Security and Risk Analysis” report

By Fred Bals

Tags: SCA , Security News & Trends , Secure the Software Supply Chain

Software Vulnerability Snapshot Report Thumbnail

Nov 12, 2024/3 min read

Software Vulnerability Snapshot Report Findings

By Fred Bals

Tags: DAST , Security News & Trends , Web AppSec

Global DevSecOps Background Thumbnail Alt

Oct 08, 2024/5 min read

Key insights from Black Duck’s 2024 Global State of DevSecOps report

By Fred Bals

Tags: Security News & Trends , DevSecOps

May 16, 2024/3 min read

The changing face of software supply chain security risk

By Fred Bals

Tags: SCA , Secure the Software Supply Chain

Apr 08, 2024/5 min read

What is the Xz Utils Backdoor : Everything you need to know about the supply chain attack

By Fred Bals

Tags: Secure the Software Supply Chain

Mar 19, 2024/4 min read

2024 OSSRA report: Open source license compliance remains problematic

By Fred Bals

Tags: Artificial Intelligence , Manage Security Risks , OSS License Compliance

Software Bill Of Materials Document Review

Mar 17, 2024/5 min read

What is a software bill of materials?

By Fred Bals

Tags: SCA , Secure the Software Supply Chain

Hacker Exploiting Apache Struts Vulnerability

Mar 16, 2024/3 min read

CVE-2017-5638: The Apache Struts vulnerability explained

By Fred Bals

Tags: Security News & Trends , Secure the Software Supply Chain

Mar 06, 2024/4 min read

2024 OSSRA Report: Outdated code risk in open source components

By Fred Bals

Tags: Security News & Trends , Secure the Software Supply Chain , Manage Security Risks

Developers Collaborating on DevSecOps Strategies

Jan 04, 2024/2 min read

DevSecOps practices to maintain developer velocity

By Fred Bals

Tags: DevSecOps , Manage Security Risks

Dec 04, 2023/3 min read

Shifting everywhere: The importance of continuous testing in the software development life cycle

By Fred Bals

Tags: DevSecOps

Oct 18, 2023/2 min read

DevSecOps Report: ASPM and its impact on software security

By Fred Bals

Tags: Security News & Trends , DevSecOps

Jun 30, 2023/2 min read

Defending against malicious packages in the npm ecosystem and beyond

By Fred Bals

Tags: SCA , Manage Security Risks

Jun 26, 2023/7 min read

2023 OSSRA deep dive: High-risk vulnerabilities

By Fred Bals

Tags: Manage Security Risks , OSS License Compliance

2023 OSSRA Report: jQuery Security Insights

May 10, 2023/4 min read

2023 OSSRA deep dive: jQuery and open source security

By Fred Bals

Tags: SCA , Secure the Software Supply Chain , OSS License Compliance

Synopsys Partner Program CRN 5-Star Award

Mar 26, 2023/2 min read

Synopsys Global Partner Program Receives CRN® 5-Star Rating for Second Consecutive Year

By Fred Bals

Tags: Security News & Trends

Dec 07, 2020/4 min read

6 Findings from DevSecOps Practices' Survey

By Fred Bals

Tags: AppSec Best Practices , DevSecOps , Manage Security Risks

Sep 29, 2020/3 min read

Making SCA part of your AST Strategy

By Fred Bals

Tags: SCA , Security News & Trends , Secure the Software Supply Chain

Sep 10, 2020/4 min read

TANSTAAFL! The tragedy of the commons meets open source software

By Fred Bals

Tags: Manage Security Risks

Developer Examining Vulnerability Data with Magnifying Glass

Jun 01, 2020/3 min read

Why developers need a supplemental source to NVD vulnerability data

By Fred Bals

Tags: SCA , Build Security into DevOps

Linux Foundation Vulnerabilities Report Thumbnail

Feb 18, 2020/5 min read

There’s no such thing as TMI when it comes to open source software

By Fred Bals

Tags: SCA , Security News & Trends

Jan 22, 2020/5 min read

Coverity & Black Duck together. Better. Faster. Stronger.

By Fred Bals

Tags: SCA , Build Security into DevOps , SAST

Nov 12, 2019/3 min read

Blue Yonder: Extending their SDLC to remediate open source issues

By Fred Bals

Tags: SCA

Feb 10, 2019/2 min read

3 takeaways from “Managing the Business Risks of Open Source” webinar

By Fred Bals

Tags: SCA , Security News & Trends , Manage Security Risks , OSS License Compliance

Rock Climber Demonstrating Risk Management Techniques

Oct 09, 2018/2 min read

Why you need to perform open source due diligence in an M&A transaction

By Fred Bals

Tags: M&A , OSS License Compliance

Sep 30, 2018/3 min read

CVE-2018-11776 and why you need Black Duck Security Advisories

By Fred Bals

Tags: SCA , Security News & Trends

Apache Struts Vulnerability CVE-2018-11776

Aug 27, 2018/2 min read

CVE-2018-11776: The latest Apache Struts vulnerability

By Fred Bals

Tags: SCA , Security News & Trends , CyRC

Colorful Abstract AppSec Security Graphic

Aug 14, 2018/2 min read

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

By Fred Bals

Tags: IAST , SAST , Web AppSec , Manage Security Risks

AccessOne Software Tech Due Diligence Image

Jan 23, 2018/2 min read

When software is the company, tech due diligence is critical

By Fred Bals

Tags: SCA , M&A , OSS License Compliance

Sep 14, 2017/3 min read

Equifax, Apache Struts, and CVE-2017-5638 vulnerability

By Fred Bals

Tags: Security News & Trends , Secure the Software Supply Chain , Manage Security Risks

Apr 04, 2017/3 min read

Cloudera IPO: Risk for cyber attacks, lawsuits, and loss of IP?

By Fred Bals

Tags: M&A , Manage Security Risks , OSS License Compliance

Fred Bals

Fred is a senior technical writer at Black Duck. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.