Software Development News: .NET, Java, PHP, Ruby, Agile, Databases, SOA, JavaScript, Open Source

Methods & Tools

Black Duck Software Press Releases

View Recorded Webinars

Sun, 01/01/2017 - 05:59
hleclair, Sun, 01/01/2017 - 04:59
Resource Type: Webinars
Resource Content: Black Duck has many webinars available on demand. Explore our webinar library today.
Resource Link: https://www.blackducksoftware.com/resources?type=31&topic=All&keyword=
Categories: Vendor

Contain your risk: Deploy secure containers with trust and confidence

Thu, 09/22/2016 - 16:00
hleclair, Thu, 09/22/2016 - 15:00
Resource Type: Webinars
Resource Content: Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development.
Resource Link: https://www.brighttalk.com/webcast/13983/215567?utm_campaign=website&utm_medium…
Resource Topic: Security
Categories: Vendor

Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black Duck

Thu, 08/11/2016 - 16:00
hleclair, Thu, 08/11/2016 - 15:00
Resource Type: Webinars
Resource Content: Open source powers everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things.
Resource Link: https://www.brighttalk.com/webcast/13983/215547?utm_campaign=website&utm_medium…
Resource Topic: Security
Categories: Vendor

Black Duck Announces Creation of Global Center for Open Source Research & Innovation

Tue, 08/02/2016 - 14:00
hleclair, Tue, 08/02/2016 - 13:00

Growing reliance on open source for application development underscores the need for more cutting-edge research – particularly in security

BURLINGTON, MA Aug 2, 2016 – Black Duck, a leader in automated solutions for securing and managing open source software, today announced it has created a Center for Open Source Research & Innovation (COSRI), noting that increasing reliance on open source for application development underscores the need for continuing investment in research.

“Open source is the way today’s applications are developed and we expect worldwide adoption will continue to accelerate because of the compelling economic and productivity benefits open source provides. Over the next decade, more cutting-edge research, innovation, information and education – particularly related to open source security – are needed to ensure the open source ecosystem remains vibrant. We will be a leader in that effort,” said Black Duck CEO Lou Shipley.

COSRI will be based at Black Duck’s Massachusetts headquarters and Shipley said the two new Black Duck research groups in Canada and Europe will play major roles in its initiatives.

Europe-based Black Duck Security Research analyzes security issues and attack patterns in open source software to provide customers with actionable information on vulnerabilities, corrective actions to reduce risk, and strategies for using open source effectively. The Vancouver, Canada group conducts applied research in data mining, machine learning, natural language processing, big data management and software engineering.

“Both groups will be sources of valuable research and reports throughout the year. Their work will help us innovate and improve our open source security and management solutions and a great deal of what they do will also be shared for the benefit of the open source community,” said Shipley.

Through COSRI, Black Duck will continue to issue periodic Open Source Security Audit (OSSA) reports analyzing results of applications audited by the company’s On-Demand business as part of M&A activities. Black Duck published a revealing report earlier this year highlighting the challenges organizations face in securing and managing their open source. One eye-opening OSSA finding was that 67 percent of the applications contained security vulnerabilities in open source components.

Shipley said the research teams’ work will also add to and enhance Black Duck’s KnowledgeBase™, the world’s most complete, current and accurate repository and database of open source software, associated licenses and other critical information, including known security vulnerabilities. “The KnowledgeBase is the foundation for our products and we’ve been building it for more than a decade. That work will continue uninterrupted as a component of COSRI,” he said.

Black Duck’s Open Hub, its online community and public directory of free and open source software (FOSS), will also be part of COSRI. Open Hub offers analytics and search services for discovering, evaluating, tracking and comparing open source code and projects.

“To continue to grow and thrive, open source needs an active community. Our investment in Open Hub will continue as we include it under the COSRI umbrella,” Shipley said.

About Black Duck

Organizations worldwide use Black Duck’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.

Media Contacts
Black Duck
Brian Carter
Director of Strategic Communications
bcarter@blackducksoftware.com
508.277.7570

PAN Communications
Michael O’Connell and Lisa Sorrentino
blackduck@pancomm.com
617.502.4300

 

Categories: Vendor

Black Duck Announces Integration of Hub Solution with HPE Security Fortify Software Security Center

Wed, 07/13/2016 - 14:06
hleclair, Wed, 07/13/2016 - 13:06

Offering allows organizations to detect, prioritize and fix known open source vulnerabilities as well as vulnerabilities in custom code – all through a single view

BURLINGTON, MA July 13, 2016 – Black Duck, a global leader in automated solutions for securing and managing open source software, today announced the integration of its flagship Hub solution into HPE Security Fortify Software Security Center (SSC), which helps organizations measure and control their application security posture and provides visibility into software risk across the enterprise.

Organizations developing applications today use a mix of custom and open source code, significantly increasing security risk, management complexity, and challenges.  With the integration of Black Duck Hub, organizations using HPE Security Fortify will be able to detect, prioritize and fix known open source vulnerabilities as well as custom code vulnerabilities – all through a single view in HPE Security Fortify Software Security Center.

“Use of open source has increased dramatically in the last five years because it cuts development costs and accelerates time to market. Open source is ubiquitous worldwide and can comprise 50 percent or more of a large organization’s code base. By integrating Black Duck Hub with HPE Security Fortify, customers will have visibility into and control of the open source they are using and also be able to identify known vulnerabilities.  This allows them to better understand and reduce their security risks,” said Lou Shipley, Black Duck CEO.

“A strong ecosystem of partners that adds security insight throughout the software development lifecycle is an essential element of the complete view of application security that HPE Security Fortify provides,” said Jason Schmitt, Vice President and General Manager, HPE Security Fortify, Hewlett Packard Enterprise. “This integration with Black Duck complements our existing secure development and security testing solutions by providing the ability to view the results of open source scanning alongside application security testing results to deliver a more complete and effective approach to managing application security.”

The key features of the Black Duck Hub and HPE Security Fortify integration include:

  • Deep Discovery of Open Source: Rapid scanning and identification of open source libraries, versions, license, and community activity powered by the Black Duck® KnowledgeBase™ – the world’s most complete open source database with detailed information on more than 1.5 million open source projects and 76,000+ known open source vulnerabilities.
  • Comprehensive Identification of Open Source Risks: Create an inventory of all open source in use and a map to known security vulnerabilities, identifying and prioritizing the severity of the vulnerability and exploring remediation steps.
  • Integrated Remediation Orchestration and Policy Enforcement: Open source vulnerability remediation prioritization, mitigation guidance, and automated policy management, allowing organizations to have visibility into their remediation efforts and manage their external and internal compliance mandates.
  • Continuous Monitoring for New Security Vulnerabilities: Ongoing monitoring and alerting on newly reported open source security vulnerabilities.

For more information:

  1. Join a webinar co-hosted by Black Duck and HPE on Aug. 11, 2016, at 10 a.m. ET https://www.brighttalk.com/webcast/13983/215547
  2. Visit www.blackducksoftware.com/HPE to see a demo video or request your own.
  3. Contact HPE@blackducksoftware.com for a further discussion, demo, or free trial.


Categories: Vendor

Open Source Security Audit Report for Applications

Thu, 06/23/2016 - 16:00
hleclair, Thu, 06/23/2016 - 15:00
Resource Type: Webinars
Resource Content: On average the applications contained more than twice as much open source as the organizations thought.
Resource Link: https://www.brighttalk.com/webcast/13983/207441?utm_source=web&utm_medium=websi…
Resource Topic: Security
Categories: Vendor

Breakfast briefing

Thu, 06/23/2016 - 13:57
hleclair, Thu, 06/23/2016 - 12:57
07/07/2016, Zurich
https://info.blackducksoftware.com/LE-2016-Q2-Partner-Seminar-Object-EMEA_Landi…

Use of open source software is ubiquitous worldwide because it reduces development costs, frees developers to work on higher-level tasks and accelerates time to market. Open source is the way applications are developed today and because applications represent the greatest level of risk on the security-threat landscape, organisations recognise that maximising the benefits they get from open source requires more effective security and management.

Please join industry experts for an educational breakfast seminar that will help you maintain development agility and secure your applications. Whether you’re employing a mix of custom and open source code, or using Docker containers, you face new and increasingly complex challenges.

Date: Thursday 7th July

Location: Clouds - Maagplatz 5, 8005 Zurich

Agenda:

08.30 - Buffet Breakfast
09.00 - Welcome - Oliver Huser, OBJECT 
09.10 - Welcome - Kevin Bland, Black Duck Software
09.30 - How to Manage and Secure your use of Open Source, Thimo Hueller, Black Duck Software
10.15 - Alfresco Use Case - Live Demo 
11.00 - Forum & Questions
11.15 - Networking 

Categories: Vendor

Strategies for Managing Open Source Security Risk

Wed, 06/22/2016 - 16:30
hleclair, Wed, 06/22/2016 - 15:30
Resource Type: Webinars
Resource Content: Insight into the open source used in a code base is critical to managing security risks.
Resource Link: https://www.brighttalk.com/webcast/13983/207429?utm_source=web&utm_medium=websi…
Resource Topic: Compliance
Categories: Vendor

Lunch & Learn Seminar - “What Security Tools Miss”

Thu, 06/16/2016 - 19:40
hleclair, Thu, 06/16/2016 - 18:40
07/13/2016, Burlington, MA
http://bit.ly/29OZDTk

Join Mike Pittenger, VP of Product Strategy at Black Duck Software, at The Capital Grille Burlington, MA where he’ll discuss how your organization can:

  • Automate identification of all open source you’re using and map against known and newly identified vulnerabilities
  • Accelerate remediation
  • Take action today to better enforce open source security without impacting an agile SDLC

Space is limited, so sign up today for “What Security Tools Miss”

When: 

July 13, 2016 from 12:00 - 1:00 PM

Where:

The Capital Grille
10 Wayside Road
Burlington, Massachusetts 01803

Questions or Concerns?

Please contact Jenny Ho for more information! Register now.

Categories: Vendor

Lunch & Learn Seminar - “What Security Tools Miss”

Thu, 06/16/2016 - 19:34
hleclair, Thu, 06/16/2016 - 18:34
07/20/2016, San Jose, CA
http://bit.ly/1Xs2SF0

Join Patrick Carey, Director of Product Marketing at Black Duck Software, at Morton's The Steakhouse, San Jose, California, where he’ll discuss how your organization can:

  • Automate identification of all open source you’re using and map against known and newly identified vulnerabilities
  • Accelerate remediation
  • Take action today to better enforce open source security without impacting an agile SDLC

Space is limited, so sign up today for “What Security Tools Miss”

When: 

July 20, 2016 from 12:00 - 1:00 PM

Where:

Morton's The Steakhouse
177 Park Ave #100
San Jose, California 95113

Questions or Concerns? 

Please contact Jenny Ho for more information! Register here.

Categories: Vendor

EY Announces Black Duck CEO Lou Shipley is Named an EY Entrepreneur Of The Year® New England 2016 Finalist

Tue, 05/31/2016 - 14:00
hleclair, Tue, 05/31/2016 - 13:00

BURLINGTON, MA, May 31, 2016 – EY has announced that Black Duck CEO Lou Shipley is a finalist for the EY Entrepreneur Of The Year® 2016 Award in the New England program. The awards program recognizes entrepreneurs who demonstrate excellence and extraordinary success in such areas as innovation, financial performance and personal commitment to their businesses and communities.

Shipley was selected as a finalist by a panel of independent judges. Award winners will be announced at a special gala event on June 23, 2016, at the Boston Marriott Copley Place.

“The quality and success of the companies that made it to the semifinals was impressive. EY’s overall vetting process is thorough and I’m sure it was very difficult for the finalist judges to eliminate anyone. Reaching the finals is encouraging to me because it confirms what I believe – that the Black Duck team is on the right track and we’re building a great company,” said Shipley.

Now in its 30th year, the EY Entrepreneur Of The Year program has expanded to recognize business leaders in more than 145 cities in more than 60 countries throughout the world.

Regional award winners are eligible for consideration for the EY Entrepreneur Of The Year National program. Award winners in several national categories, as well as the EY Entrepreneur Of The Year National Overall Award winner, will be announced at the EY Entrepreneur Of The Year National Awards gala in Palm Springs, California, on November 19, 2016. The awards are the culminating event of the EY Strategic Growth Forum®, the nation’s most prestigious gathering of high-growth, market-leading companies.

Sponsors

Founded and produced by EY, Entrepreneur Of The Year is sponsored nationally by SAP America, Merrill Corporation and the Ewing Marion Kauffman Foundation. In New England, sponsors also include Fama PR, Goodwin Procter, Isenberg School of Management at the University of Massachusetts Amherst, Nixon Peabody LLP and The True Capital. Other sponsors include Chatham Financial, Empire Valuation Consultants, Morgan Lewis and T3 Advisors.

About Black Duck Software

Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.

About EY Entrepreneur Of The Year®

EY Entrepreneur Of The Year is the world’s most prestigious business award for entrepreneurs. The unique award makes a difference through the way it encourages entrepreneurial activity among those with potential and recognizes the contribution of people who inspire others with their vision, leadership and achievement. As the first and only truly global award of its kind, Entrepreneur Of The Year celebrates those who are building and leading successful, growing and dynamic businesses, recognizing them through regional, national and global awards programs in more than 145 cities in more than 60 countries.

About EY’s Strategic Growth Markets practice

EY’s Strategic Growth Markets (SGM) practice guides leading high-growth companies. Our multidisciplinary teams of elite professionals provide perspective and advice to help our clients accelerate market leadership. SGM delivers assurance, tax, transactions and advisory services to thousands of companies spanning all industries. EY is the undisputed leader in taking companies public, advising key government agencies on the issues impacting high-growth companies and convening the experts who shape the business climate. For more information, please visit us at ey.com/us/strategicgrowthmarkets, or follow news on Twitter @EY_Growth.

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

Media Contacts:
Black Duck
Brian Carter, Director of Strategic Communications
bcarter@blackducksoftware.com
508-277-7570

PAN Communications
Michael O’Connell/ Tiffany Darmetko
blackduck@pancomm.com
617-502-4300

Categories: Vendor

Application Security: 6 Myths of Open Source Management

Wed, 05/25/2016 - 15:00
hleclair, Wed, 05/25/2016 - 14:00
Resource Type: Webinars
Resource Content: Move beyond the myths to understand the processes you can implement to reduce risk from security vulnerabilities.
Resource Link: https://www.brighttalk.com/webcast/13983/202713?utm_source=Website&utm_medium=w…
Resource Topic: Security
Categories: Vendor

Black Duck Releases Free Version of Hub Open Source Security Solution

Wed, 05/25/2016 - 13:54
hleclair, Wed, 05/25/2016 - 12:54

Web-based Security Checker allows users to determine if known open source vulnerabilities are in the components used to build applications  

BURLINGTON, MA May 25, 2016 – Black Duck, the global leader in automated solutions for securing and managing open source software, today released Security Checker, a free, drag-and-drop tool for users to identify known open source security vulnerabilities in their code.

Based on Black Duck’s flagship Hub open source security solution, Security Checker scans the code contained in an uploaded archive file (e.g. .tar, .jar, .zip) or Docker image and provides a report showing the identified open source and related known security vulnerabilities. 

“Applications represent the greatest level of risk on the security-threat landscape and we expect that Security Checker scan results will provide an ‘aha moment’ for many open source users,” said Black Duck CEO Lou Shipley. “Their findings will focus attention on the need to regularly review application code to ensure it’s free of known open source vulnerabilities.” 

Open source use is ubiquitous worldwide because it reduces development costs, frees developers to work on higher-level tasks and accelerates time to market. It is the way applications are developed today. “Organizations definitely want to maximize all the benefits they get from open source, and as open source usage has increased, they’re realizing that it’s imperative to secure and manage their open source more effectively,” said Shipley.

The maximum file size for a Security Checker scan is 100MB and Shipley noted that “start to finish the process takes about 15 minutes. It’s a worthwhile investment of time to get valuable insights into the security of your open source code.”

Earlier this month Black Duck released a revealing report based on data from open source security audits of 200 commercial applications, conducted by its On-Demand business unit. The report confirms the widespread use of open source in application development and also highlights persistent challenges in securing and managing the open source in use.

Among the findings: 67 percent of the audited applications contained known open source security vulnerabilities; more than one third of the vulnerabilities identified were classified as “severe”; and 10 percent of the applications contained the Heartbleed vulnerability, which was discovered in April 2014.

Security Checker is available at: blackducksoftware.com/checker.

 


 

 

Categories: Vendor

InfoSecurity Europe

Tue, 05/17/2016 - 12:49
hleclair, Tue, 05/17/2016 - 11:49
06/07/2016 - 06/09/2016, London, UK

Join Black Duck Software in Stand G160 at InfoSecurity Europe. Savinder Chauhan, Director of Sales Engineering at Black Duck, will also be presenting "How to Manage and Secure Your Use of Open Source: Challenges and How to Address Them" on 09 Jun 2016, from 10:40 - 11:05 in the Technology Showcase.

Infosecurity Europe is the region's number one information security event featuring Europe's largest and most comprehensive conference programme, and over 315 exhibitors showcasing the most diverse range of products and services to 12,000 visitors.

Categories: Vendor

Empowering Application Security in DevOps

Thu, 05/12/2016 - 16:00
hleclair, Thu, 05/12/2016 - 15:00
Resource Type: Webinars
Resource Content: How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices?
Resource Link: https://www.brighttalk.com/webcast/13983/201341?utm_source=Website&utm_medium=w…
Resource Topic: Security
Categories: Vendor