
Software Development News: .NET, Java, PHP, Ruby, Agile, Databases, SOA, JavaScript, Open Source

Methods & Tools


Black Duck Software Press Releases

Application Security: 6 Myths of Open Source Management

Wed, 05/25/2016 - 15:00
Posted by hleclair, Wed, 05/25/2016 - 14:00
Resource Type: Webinars

Panamanian law firm Mossack Fonseca leaked 2.6 terabytes of data in the Panama Papers data breach.

Resource Link: https://www.brighttalk.com/webcast/13983/202713?utm_source=Website&utm_medium=w…
Resource Topic: Security
Categories: Vendor

Empowering Application Security Protection in the World of DevOps

Thu, 05/12/2016 - 16:00
Posted by hleclair, Thu, 05/12/2016 - 15:00
Resource Type: Webinars

How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices?

Resource Link: https://www.brighttalk.com/webcast/13983/201341?utm_source=Website&utm_medium=w…
Resource Topic: Security
Categories: Vendor

PCI and Vulnerability Assessments - What’s Missing?

Wed, 05/04/2016 - 16:00
Posted by hleclair, Wed, 05/04/2016 - 15:00
Resource Type: Webinars

All regulatory requirements (HIPAA, PCI, etc.) include a mandate for assessing vulnerabilities in systems that manage or store sensitive data. Organizations often opt to conduct vulnerability assessments on an annual, quarterly, or even monthly basis. But while vulnerability assessment tools can identify unpatched or misconfigured code bases, these tools overlook a large portion of an organization’s attack surface: known vulnerabilities in applications that are built in-house. These applications will not have public updates, nor will the thousands of open source components they utilize be included in public disclosures. This is concerning because over 6,000 vulnerabilities in open source projects have been reported since 2014. Register for this webinar to discover how to protect yourself.

Resource Link: https://www.brighttalk.com/webcast/13983/199317
Categories: Vendor

Future of Open Source Survey 2016 Results

Wed, 04/27/2016 - 19:00
Posted by hleclair, Wed, 04/27/2016 - 18:00
Resource Type: Webinars

Today, open source drives technology and development forward.

Resource Link: https://www.brighttalk.com/webcast/13983/199027
Categories: Vendor

Open Source Outlook: Expected Developments for 2016

Wed, 04/20/2016 - 16:30
Posted by hleclair, Wed, 04/20/2016 - 15:30
Resource Type: Webinars

2015 saw continued growth for open source software across many dimensions, a trend expected to continue in this coming year and a range of interesting developments that we reviewed in the last webinar.
In this webinar, the panelists will discuss:
- Open source and application security
- Community-centered compliance as reflected in OpenChain and SPDX
- The explosion of company involvement in collaborative projects
- The direction of the VMware case and other topics we anticipate being hot this year
Register now to join Black Duck, Mark Radcliffe and Karen Copenhaver to discuss the hot topics generating buzz in the year to come.

Resource Link: https://www.brighttalk.com/webcast/13983/199723
Resource Topic: Security Compliance Open Source Development
Categories: Vendor

Q1 2016 Open Source Security Report: Glibc and Beyond

Tue, 04/19/2016 - 16:30
Posted by hleclair, Tue, 04/19/2016 - 15:30
Resource Type: Webinars

The first quarter of 2016 was a big one for new open source security vulnerabilities. The Glibc vulnerability was by far the biggest. It impacts nearly 900K of the 1 million different open source projects. In this webinar, we’ll dive into Glibc and the Q1 data to help you:
- Understand latest trends in open source security threats and what it means to your organization in 2016
- Simple steps to quickly find and protect yourself from newly reported threats
- Prepare your organization to respond to new vulnerabilities in open source projects

Resource Link: https://www.brighttalk.com/webcast/13983/199735
Resource Topic: Security
Categories: Vendor

Black Duck Releases Latest Version of Hub Open Source Security Solution

Wed, 04/06/2016 - 14:37
Posted by hleclair, Wed, 04/06/2016 - 13:37

Includes increased code-scanning speed and new functionality to complement agile development

BURLINGTON, MA – April 6, 2016 – Black Duck, the global leader in automated solutions for securing and managing open source software, today released the latest version of Black Duck Hub, its flagship security solution, highlighting increases in code-scanning speed and new functionality that complements agile development processes.

Hub 3.0 streamlines Continuous Integration and DevOps processes through policy management and rapid-scanning capabilities that provide complete visibility into the open source code in both applications and containers. This accelerates development through early and continuous detection of known open source vulnerabilities and out-of-policy code.

“Agile development addresses customers’ constant demand for faster delivery of new functionality and features. Agility increases when dev teams can flag vulnerabilities and offending code early on. If vulnerabilities don’t surface until later in the dev cycle, time is lost and cost of remediation increases significantly. Agility takes a big hit,” said Black Duck CEO N. Louis Shipley.

“Open source is how today’s applications are built. With open source often comprising the majority of an application’s code, policy management along with fast, comprehensive identification of all open source code, and mapping of all known vulnerabilities are crucial,” said Shipley.

Hub’s automatic scanning and identification are up to 100 times faster than prior versions. Additionally, Hub does full signature scans, finding all open source and known vulnerabilities, even if they aren’t declared in package manifests.

New Hub policy management capabilities allow creation of exception-based policies to identify open source components that do not meet defined security, license or operational risk. Policy conditions include: license type, component name or usage, number of newer versions available and project characteristics (tier, phase, distribution model). Policies can be overridden by occurrence.

Hub supports open source component and source identification down to the Linux distribution level. Current distributions supported include: Red Hat Enterprise Linux (RHEL), Fedora, Alpine and Debian.

 

About Black Duck Software

Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.

Media Contacts:

Black Duck

Brian Carter, Director of Strategic Communications

bcarter@blackducksoftware.com

508-277-7570

 

PAN Communications

Michael O’Connell

blackduck@pancomm.com

617-502-4300

Categories: Vendor

Linux Foundation

Fri, 04/01/2016 - 15:05
Posted by blackduck, Fri, 04/01/2016 - 14:05

The Linux Foundation is the non-profit consortium dedicated to fostering the growth of Linux. Founded in 2007, the Linux Foundation sponsors the work of Linux creator Linus Torvalds and is supported by leading Linux and open source companies and developers from around the world.

Black Duck sponsors and speaks at Linux Foundation events and is one of the major supporters of the foundation’s Software Package Data Exchange® (or SPDX®) initiative.

http://www.linuxfoundation.org/
Categories: Vendor

SourceForge

Fri, 04/01/2016 - 15:04
Posted by blackduck, Fri, 04/01/2016 - 14:04

SourceForge.net is the world's largest open source software development website. They provide free services that help people build cool stuff and share it with a global audience.

http://sourceforge.net/
Categories: Vendor

NIST

Fri, 04/01/2016 - 15:03
Posted by blackduck, Fri, 04/01/2016 - 14:03

The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics.

http://nvd.nist.gov/
Categories: Vendor

CodePlex

Fri, 04/01/2016 - 15:02
Posted by blackduck, Fri, 04/01/2016 - 14:02

Launched in June 2006, CodePlex is Microsoft’s open source project hosting site. Built on Microsoft Visual Studio® 2008 Team Foundation Server, CodePlex hosts thousands of open source projects with support for source control, bug tracking, wiki pages, release management, forums, and project statistics. Additionally, CodePlex supports source control clients for Subversion and Teamprise. As of February, 2009, more than 230,000 software projects have been registered to use our services by more than 2 million registered users, making CodePlex the largest collection of open source tools and applications on the net.

http://www.codeplex.com/
Categories: Vendor

Rosenlaw & Einschlag

Fri, 04/01/2016 - 15:01
Posted by blackduck, Fri, 04/01/2016 - 14:01

Rosenlaw & Einschlag's specialty is technology and computer law. They can help you with copyright, patent, trademark, trade secret and other issues relating to intellectual property. They also understand the business aspects of technology, and can help you develop and implement an intellectual property strategy that supports your business objectives.

http://www.rosenlaw.com/
Categories: Vendor

swampUP - Jfrog User Conference

Tue, 03/29/2016 - 16:36

swampUP - Jfrog User Conference
Napa Valley, California
May 23-24

swampUP provides the perfect platform for the elite members of the DevOps and Dev communities to share their Continuous Integration and Continuous Delivery best practices. You can share knowledge, exchange ideas, build relationships, and come together as a community in a comfortable setting. Like other conferences, you will have the chance to attend sessions and meet Artifactory and Bintray users from all over the world. Unlike other conferences, we have specially built our program so our community can relax, mingle, and have the flexibility to spend the evening in the amazing Napa Valley and discuss CI with a glass of wine at hand. 

Event Dates: Monday, May 23, 2016 to Tuesday, May 24, 2016
Categories: Vendor

Cyber Security Gov

Tue, 03/29/2016 - 16:34

Cyber Security Gov
Washington DC
May 19-20

With a unique perspective on what is at stake, cybersecurity professionals are being called on as agents of change to influence and empower the government's progress at all levels and in new ways. Join us for the 4th Annual (ISC)² CyberSecureGov - a two-day cybersecurity training event in Washington D.C. designed to shake up the status quo and incite progress in new ways. 

Event Dates: Thursday, May 19, 2016 to Friday, May 20, 2016
Categories: Vendor

Secure World – Houston

Tue, 03/29/2016 - 16:33

Secure World – Houston
Houston, TX
May 11

Event Dates: Wednesday, May 11, 2016
Categories: Vendor

Secure World – Kansas City

Tue, 03/29/2016 - 16:31

Secure World – Kansas City
Kansas City, MI
May 4

Event Dates: Wednesday, May 4, 2016
Categories: Vendor

North America CACS

Tue, 03/29/2016 - 16:28

North America CACS
New Orleans, LA
May 2 – May 4

Connect with the most dynamic minds and practitioners in information systems audit, control and security. Embrace the tools and knowledge to be on top of your game, and ahead of any curve. Secure your place at ISACA’s prestigious North America CACS 2016 Conference, in New Orleans, Louisiana, USA, 2-4 May 2016. 

Event Dates: Monday, May 2, 2016 to Wednesday, May 4, 2016
Categories: Vendor

COBIT Conference North America

Tue, 03/29/2016 - 16:08

COBIT Conference North America
New Orleans, LA
April 30 – May 1

Discover how ISACA’s globally accepted and industry-leading COBIT 5 business framework adds value and mitigates risk while enabling enterprises to be more flexible and adaptable to the ever-changing environment of information systems and business. Learn how it can be customized to optimize resources, and ensure effective, adaptable governance. Join information systems and business leaders, experts and fellow professionals for the COBIT Conference 2016 immediately preceding the prestigious North America CACS Conference 2016 in New Orleans, Louisiana, USA.

Event Dates: Saturday, April 30, 2016 to Sunday, May 1, 2016
Categories: Vendor

Secure World – Philadelphia

Tue, 03/29/2016 - 16:05

Secure World
Philadelphia, PA
April 20-21

Event Dates: Wednesday, April 20, 2016 to Thursday, April 21, 2016
Categories: Vendor

What Vulnerability Assessment Tools Miss

Tue, 03/22/2016 - 18:00
Webinar

Open source software and code have become commonplace in application development, as has the use of vulnerability assessment tools. After all, no one wants to be the victim of the next Heartbleed, Poodle or Logjam. But vulnerability assessment tools, while helpful, have blind spots. How can you ensure that you are protecting your networks and applications from newly disclosed vulnerabilities? Join Black Duck Software and (ISC)² on March 22, 2016 at 1:00 PM Eastern for a discussion on VA Tools, Open Source Assets and secure application developmen

Link: https://www.brighttalk.com/webcast/5385/189897
Categories: Vendor