Latest Posts

The step-by-step guide to threat modeling

Securing your software requires a mix of automated and manual processes, and threat modeling is a crucial part of the mix. Your organization relies on software to innovate and deliver value to your customers, as well as to work faster and more efficiently. However, if that software is not developed and deployed securely, it can put your business at risk. When software risk is business risk, you must both prioritize it and manage it proactively.

OWASP Top 10: Cryptographic failures

Listed as #2 on the OWASP Top 10 list, cryptographic failures expose sensitive data because encryption is missing or weak. Many of the web and mobile applications you use daily require you to input sensitive information. Cryptography offers tools that can be used to safeguard sensitive data and securely transfer it across the internet. Cryptography is powerful, but it must be used properly to be effective.

Navigating software due diligence with a Black Duck Audit

A Black Duck Audit provides a complete picture of the software risks in your acquisition target’s software or your own. Deciding on the best approach to managing software due diligence can be a significant challenge for organizations. Frequent acquirers have a playbook, but every transaction is different, and approaches must evolve as the market changes.

CyRC special report: Secure apps? Don't bet on it

The Cybersecurity Research Center conducted a security analysis of the 10 most popular Android sports and betting apps. With the Super Bowl approaching in the U.S., the Synopsys Cybersecurity Research Center (CyRC) set out to evaluate the 10 most popular Android sports and betting apps through the lens of supply chain security. We used Black Duck® Binary Analysis (BDBA) to examine the open source components used in these apps.

Open source software: A pillar of modern software development

Open source software provides companies with a competitive edge, but when used incorrectly, it can lead to risks in the software supply chain. Today’s modern software applications simply would not exist, or be as powerful, without the use of open source software (OSS). Developers design open source software with source code that is accessible for anyone to use, modify, and learn from, and they release the code with specific licensing rights.

Software risks and technical debt: The role of process in determining good software

Understanding how software is developed and the areas impacted by technical debt can help lawyers and investors assess software risks during an M&A. Insight into how software is developed and what kinds of issues can lurk in a codebase enables businesspeople and lawyers to better understand software risks and how to mitigate them.

Black Duck's New Year's Resolution

The new Black Duck SCA release offers enhancements that help organizations better understand the potential risks in their software supply chain. Black Duck® software composition analysis (SCA) started the new year off strong and got a running start on its resolution to better help teams secure their software supply chain at the speed of modern software development. Let’s look at some of the highlights of the 2023.1.0 release.

2023 cybersecurity predictions that should be on your radar

Our 2023 cybersecurity predictions are in. The experts weigh in on trends and how they’ll shape cybersecurity efforts in the year ahead. It’s still the season for gazing into the crystal ball that tells us what’s going to happen in the world of cybersecurity for the rest of the year. Or at least we wish it would. Crystal balls are always cloudy, which means predictions are hard—especially about the future, as the late, great Yogi Berra said.