-
Jan 9, 2025 | 
cybersecasia.net | Fred Bals
According to our research, there are clear parallels between the current surge in AI-assisted software development and the historic embrace of Open Source software by developers. In our opinion, both movements have helped to revolutionize software development, but both have also introduced unique security challenges. While AI adoption by development teams is nearly universal, securing AI-generated code lags, mirroring the early days of unmanaged (and unsecured) Open Source use.
-
Nov 23, 2024 | 
manilatimes.net | Fred Bals
Register to read this story and more for free. Signing up for an account helps us improve your browsing experience. Continue OR See our subscription options. Already have an account? Log in here
-
Nov 20, 2024 | 
technologyforyou.org | Fred Bals
By: Fred Bals, Senior Security Researcher, Black DuckRemember how quickly open source software went from niche to normal? The new “Global State of DevSecOps” report from Black Duck argues that there are clear parallels between the current surge in AI-assisted development and the historic embrace of open source software by developers. As the report notes, both movements have helped to revolutionize software development, but both have introduced unique security challenges.
-
Nov 12, 2024 | 
securityboulevard.com | Fred Bals
Key findings from the Software Vulnerability Snapshot The 2024 analysis identified a total of 96,917 vulnerabilities, with several critical issues standing out. Cryptographic Failures (Sensitive Data Exposure): This category accounted for 30,726 vulnerabilities, including 4,882 critical-risk instances. Affecting 86% of clients, it represents one of the most common and serious security issues across industries.
-
Nov 12, 2024 | 
securityboulevard.com | Fred Bals
By Fred Bals Get insights from the Software Vulnerability Snapshot Report, including industry-specific challenges & AppSec recommendations for securing your software. The post Software Vulnerability Snapshot Report Findings appeared first on Blog ...
-
Jul 24, 2024 | 
synopsys.com | Patrick Carey |Fred Bals |Mike McGuire |Taylor Armerding
Code snippets copied from copyleft-licensed open source projects represented the biggest risk in software 15 years ago. The Heartbleed vulnerability, discovered in April 2014, brought to the fore concerns about the security of open source components, and license risk took a bit of a back seat. But the problem never went away. Now, the advent of Generative AI as a tool for writing software is shining a new light on the issue.
-
Apr 9, 2024 | 
synopsys.com | Mike McGuire |Taylor Armerding |Fred Bals |Tim Mackey
Each year, our "Open Source Security and Risk Analysis” (OSSRA) report highlights the fact that open source software (OSS) plays a critical and substantial role in modern application development, and it is therefore foundational to the software supply chain. The prevalence of OSS within commercial applications makes it difficult to track, and that makes it difficult to manage the risk that it may introduce.
-
Apr 8, 2024 | 
synopsys.com | Charlotte McGuinn Freeman |John Waller |Fred Bals |Tim Mackey
Enterprise organizations face big challenges in managing software application risk at scale. With hundreds of developers working on thousands of applications across numerous business units, the complexity of ensuring security throughout the software development life cycle (SDLC) is staggering.
-
Apr 1, 2024 | 
synopsys.com | Vishrut Iyengar |Fred Bals |Mike McGuire
Software supply chain management requires license as well as security compliance If you’re a software developer, you’re probably using open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges for your organization?
-
Mar 22, 2024 | 
synopsys.com | Fred Bals |Tim Mackey |Mike McGuire
Software may not be as universal as the air we breathe, but it’s getting close. We all depend on it in multiple ways—if you’re a business, even if you’re not selling a software product, you’re still using it to run your operations. And most of that software is open source. It’s not only present in nearly every codebase now in use, but it also amounts to an average of about 77% of the components in those codebases.
