Fred Bals | Senior Content Writer/Editor

Fred is the Senior Storyteller at Black Duck. He’s a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.

Recent Posts

CVE-2017-5638 – the Struts Buster – still leads the news cycle with the Canadian Revenue Agency taken offline to deal with the vulnerability, and Statistics Canada hacked. If you haven’t patched for CVE-2017-5638, go get that update. The hits keep on coming at the NVD with 657 entries now listed


If you’re running an Apache Struts 2 server and haven’t patched for CVE-2017-5638, stop reading right now and do so. Researchers are reporting that exploits of the vulnerability are trivial to carry out, highly reliable and require no authentication. While NIST has only had a placeholder for the


February wound down with 1075 CVE entries total in the National Vulnerability Database. Before we get into this week’s news, some interesting numbers around software composition analysis (SCA) and open source security via the recently released reports: The Forrester Wave™: Software Composition


We’re very close to 1,000 CVE entries in the National Vulnerability Database. The NVD CVE report has nearly doubled for February with 650 vulnerability entries. Black Duck is noted as the leader in a new Wave report from Forrester Research. Why it’s a good idea to monitor app code to keep


The NVD CVE report has nearly doubled for February with 650 vulnerability entries. Black Duck experts are in the news talking about the risks of not knowing what open source is in your code, and what practices you can take to manage and secure open source. Why are businesses still concerned about


For the first full week of February, the NVD reports 363 vulnerability entries. Speaking of vulnerabilities, Risk Based Security announced this week that 2016 broke the previous all-time record for the highest number of reported vulnerabilities. The 15,000 vulnerabilities cataloged during 2016 by


We’ve broken the 1,000 mark as we enter February, with 1141 entries now listed in the National Vulnerability Database. What makes up an NVD “Common Vulnerability and Exposures” entry? Let’s look at CVE-2016-10105, originally released on 1/3/17: it’s a critical (9.8) vulnerability in Piwigo, open


As the last full week of the first month of the year draws to a close, 715 CVE entries are now listed for January 2017 in the National Vulnerability Database. Sometimes cybersecurity feels like a Sisyphean task. It's been more than three years since the discovery of the critical OpenSSL Heartbleed


A big jump in CVEs from last week, with 547 entries now listed in the NVD and a multitude of cross-site scripting (XSS) vulnerabilities leading the pack as usual. One of the more interesting of those vulnerabilities is a supersized password protection problem for McDonalds.com due to a cross-site


We’re now at 155 vulnerabilities for January 2017, with the usual mixture of open source and proprietary software vulnerabilities discovered, including a Microsoft Edge elevation of privilege vulnerability and a denial of service vulnerability. More information can be found at the NVD. Let’s take
