Open Source

Open Source License Management Tools: Features and Best Practices

Effectively managing the many open source licenses used in enterprise software is a complex task that requires a thorough evaluation of key features in software license management tools. After that, you need to implement the technology using several best practices. In this blog post, let’s take a brief look at both.

Navigating software due diligence with a Black Duck Audit

A Black Duck Audit provides a complete picture of the software risks in your acquisition target’s software or your own. Deciding on the best approach to managing software due diligence can be a significant challenge for organizations. Frequent acquirers have a playbook, but every transaction is different, and approaches must evolve as the market changes.

Open Source License Management Tools: Challenges, Opportunities, and What to Look Out For

More and more companies are using more and more open source. The stats I’ve seen say seventy to seventy-five percent of all applications use open source or have some type of open source associated with them. I think that number is actually higher. Of all the companies that I’ve worked for, just about every single application has some type of open source associated with it.

Open source software: A pillar of modern software development

Open source software provides companies with a competitive edge, but when used incorrectly, it can lead to risks in the software supply chain. Today’s modern software applications simply would not exist, or be as powerful, without the use of open source software (OSS). Developers design open source software with source code that is accessible for anyone to use, modify, and learn from, and they release the code with specific licensing rights.

Black Duck's New Year's Resolution

The new Black Duck SCA release offers enhancements to help organizations better understand the potential risks in their software supply chain. Black Duck® software composition analysis (SCA) started the new year off strong and got a running start on its resolution to better help teams secure their software supply chain at the speed of modern software development. Let’s look at some of the highlights of the 2023.1.0 release.