Fred Bals | Senior Content Writer/Editor

Fred is the Senior Storyteller at Black Duck. He’s a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.

Recent Posts

Many Black Duck-related news stories in this week’s edition of Open Source Insight, thanks to the release of our 2017 Open Source Security and Risk Analysis detailing significant cross-industry risks related to open source vulnerabilities and license compliance challenges. Black Duck conducts


Near the halfway point for April 2017, and the NVD CVE listing for the month stands at 573 entries. Hot this week is CVE-2017-7605, a medium-high vulnerability affecting the HE-AAC+ v2 library (aka libaacplus). In open source security and cybersecurity news: Take the opportunity to join the Open


Seven days into the cruelest month and the redesigned NVD already has 255 CVEs listed, including a slew of discovered vulnerabilities in various Huawei devices as the screencap below reflects. It was a relatively slow week in open source security and cybersecurity news. Highlights: The German


Dave Gershgorn, an AI reporter, published an interesting article on Quartz late last week with the ungainly but click-baitable title, “This open-source tech company’s IPO filing reads like an argument against building a business on open source.” The open source company in question is data


NIST redesigned the National Vulnerability Database with a much-needed, modernized look-and-feel — including a scrolling list of the latest scored vulnerabilities and a “visualization” section designed to provide different ways to look at the data. First impression? While some kinks still need to


Seldom a month goes by where the NVD entries don’t break 1,000, and March 2017 is no exception. The vulnerability of the week is CVE-2017-2636, a serious security flaw in the Linux kernel that appears to have been around since 2009. More on that story below. Other open source security and


CVE-2017-5638 – the Struts Buster – still leads the news cycle with the Canadian Revenue Agency taken offline to deal with the vulnerability, and Statistics Canada hacked. If you haven’t patched for CVE-2017-5638, go get that update. The hits keep on coming at the NVD with 657 entries now listed


If you’re running an Apache Struts 2 server and haven’t patched for CVE-2017-5638, stop reading right now and do so. Researchers are reporting that exploits of the vulnerability are trivial to carry out, highly reliable and require no authentication. While NIST has only had a placeholder for the


February wound down with 1075 CVE entries total in the National Vulnerability Database. Before we get into this week’s news, some interesting numbers around software composition analysis (SCA) and open source security via the recently released reports: The Forrester Wave™: Software Composition


We’re very close to 1,000 CVE entries in the National Vulnerability Database. The NVD CVE report has nearly doubled for February with 650 vulnerability entries. Black Duck is noted as the leader in a new Wave report from Forrester Research. Why it’s a good idea to monitor app code to keep
