Learn how you can improve your application security posture by adopting best practices from the BIND 9 team. All application development teams face the same fundamental questions, from the selection of third-party components to the processes and tools that ensure resilience and security. This article describes how the ISC development team addresses security in the BIND 9 application, one of the foundational applications of the modern internet.

CVE-2022-30617 and CVE-2022-30618 are sensitive data exposure vulnerabilities that may lead to account compromise in the admin panel of the headless CMS software Strapi.

In our new tech tales series, we discuss how Synopsys customers use our products and services to uncover security risks in their organization. Synopsys customers span every industry—from small to large enterprises across financial services, automotive, public sector, medical and healthcare, and much more. One thing they all have in common is building trust into their software.

Shifting visibility downstream in the SDLC with an AppSec tool like Code Dx enables companies to build high-quality software, faster. A key component of DevOps is the ability to support software branching and merging. Software branching enables software development teams to develop multiple parts of software at the same time, to have multiple releases for various platforms, and to help manage larger software teams with many different roles and responsibilities.

In this post we discuss how an account with two-factor authentication could be bypassed if the password were breached.

It’s critical to have the right people and approach when it comes to understanding and resolving licensing issues in open source audits. Many of our regular Black Duck Audit customers have well-honed processes that kick in after we deliver reports. We’ve gleaned some ideas and approaches from working with these clients and the biggest pro tip? You need a pro, i.e., make sure you have an open source-savvy attorney involved.

CVE-2022-30278 is a reflected cross-site scripting (XSS) vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files.

Synopsys has signed a definitive agreement to acquire WhiteHat Security, a market-segment leading provider of dynamic application security testing (DAST) solutions.

CVE-2022-1271 is a new vulnerability affecting gzip, a widely used open source component for archiving, compressing, and decompressing files. CVE-2022-1271, also tracked in the Black Duck KnowledgeBase™ as BDSA-2022-0958, is a bug in gzip, a file format and software application used for archiving, compressing, and decompressing files.

CVE-2022-24814 is a stored XSS vulnerability that can lead to account compromise in the admin application of Directus.