Fred Bals | Senior Content Writer/Editor

Fred is the Senior Storyteller at Black Duck. He’s a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.

Recent Posts

The NVD CVE report has nearly doubled for February with 650 vulnerability entries. Black Duck experts are in the news talking about the risks of not knowing what open source is in your code, and what practices you can take to manage and secure open source. Why are businesses still concerned about


For the first full week of February, the NVD reports 363 vulnerability entries. Speaking of vulnerabilities, Risk Based Security announced this week that 2016 broke the previous all-time record for the highest number of reported vulnerabilities. The 15,000 vulnerabilities cataloged during 2016 by


We’ve broken the 1,000 mark as we enter February, with 1141 entries now listed in the National Vulnerability Database. What makes up an NVD “Common Vulnerability and Exposures” entry? Let’s look at CVE-2016-10105, originally released on 1/3/17: it’s a critical (9.8) vulnerability in Piwigo, open


As the last full week of the first month of the year draws to a close, 715 CVE entries are now listed for January 2017 in the National Vulnerability Database. Sometimes cybersecurity feels like a Sisyphean task. It's been more than three years since the discovery of the critical OpenSSL Heartbleed


A big jump in CVEs from last week, with 547 entries now listed in the NVD and a multitude of cross-site scripting (XSS) vulnerabilities leading the pack as usual. One of the more interesting of those vulnerabilities is a supersized password protection problem for McDonalds.com due to a cross-site


We’re now at 155 vulnerabilities for January 2017, with the usual mixture of open source and proprietary software vulnerabilities discovered, including a Microsoft Edge elevation of privilege vulnerability and a denial of service vulnerability. More information can be found at the NVD. Let’s take


We kick off the New Year with 83 NVD entries found for January 2017, including CVE-2014-9912, logged as a critical flaw in PHP. An upstream patch can be found here. In this week’s open source and cybersecurity news: TechRepublic takes a look at why the earliest open source licenses are still the


A week after logging only 36 vulnerabilities, the NVD report leaped to 306 entries on December 16th, making last week’s prediction that 2016’s vulnerabilities total would exceed 6500 even more likely. Speaking of predictions, Black Duck’s open source security experts’ predictions for 2017


It’s December 9, 2016, and the NVD reports 36 entries so far this month. By the end of 2015, the total number of vulnerabilities reported by the NVD for the year was over 6,500. As we get ready to close 2016, we stand at just over 6,000 with three more weeks to go in the year, so it looks as if


In October, I wrote about the four levels of open source risk maturity, a model that organizations can use to evaluate where they stand in terms of the vulnerability and licensing risks they may be exposing themselves to in the course of their use of open source. To digress for a moment, as this
