Black Duck Announces OpsSight for DevOps Open Source Security

Black Duck Announces OpsSight for DevOps Open Source Security at FLIGHT 2017

Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life cycle, the initial release of OpsSight is optimized for Red Hat’s OpenShift Container Platform.

If you missed FLIGHT 2017, you can read all the news about OpsSight below, as well as stories on FLIGHT keynoters Charlie Miller and Chris Valasek’s presentation on why IoT insecurity is here to stay; the top 5 cybersecurity mistakes you need to avoid; the SEC’s preparation of new cybersecurity guidelines; and security for the connected car.

IoT is Insecure, Get Over It!

via Threat Post: Noted security experts Charlie Miller and Chris Valasek said the Internet of Things can’t be secure, but it can be tamed during their keynote at Black Duck Software’s Flight 2017 conference.

New Tech for Ops Crew: Scanning Containers for Open-Source Vulns

via The Register: OpsSight, Black Duck’s first product specifically targeting the production phase of the software development life cycle, was unveiled at the firm’s annual user conference – Flight 2017 – on Tuesday. The technology is designed to allow organisations to validate the contents of and secure container images in production, an increasingly important requirement as use of container technology becomes more commonplace in software development.

Introducing Black Duck OpsSight, A Proactive and Scalable Approach to Container Security

3 Ways OpsSight Extends Open Source Security to Production 

via Black Duck blog (Neal Goldman): With OpsSight, Black Duck extends its coverage of open source security vulnerability detection to another area of the software development lifecycle. We have great integrations with development tools, making vulnerability and compliance scanning easy for developers. Now we’re making it easier for operations and production teams to do the same scanning and monitoring for security vulnerabilities themselves.

Black Duck Launches New Container Security Solution

via SD Times: OpsSight features automated scanning and inventorying of open source components in container images, identifies and highlights images that contain known security vulnerabilities, flags containers that violate open source security policies and provides automated alerts into newly discovered vulnerabilities. 

Next Level Container Vulnerability Management with OpsSight

via Black Duck blog (Evan Klein): Today, we are happy to announce the launch of our new product, Black Duck OpsSight, a solution that brings open source visibility and control to operations teams managing large scale container deployments. The first supported platform for OpsSight is the Red Hat OpenShift Container Platform.

Announcing Hub Detect: Open Source Discovery for a DevOps World

via Black Duck blog (Bill Ledingham): Hub Detect removes the pain of identifying all the package managers and CI tools teams are using and configuring them individually to make Hub work the way they want in their environment. Instead, this new feature detects which package managers (if any) are being used and automatically pulls in and configures the right integrations for the scan.

Top 5 Cybersecurity Mistakes IT Leaders Make, and How to Fix Them

via Tech Republic: Despite increasing risks, cybersecurity professionals continue to find that their teams are understaffed and underskilled, according to a new report from the Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG), released Wednesday.

What's Under Your Hood? Security & the Connected Car

via Black Duck blog (Kiara White): There can be up to millions of lines of code that keep a car, and its passengers, safe, connected, and on time. Back-up sensors, infotainment systems, and tire-pressure monitoring are all being run on a mixture of open source and proprietary code. Code is code; if vulnerabilities exist, code can be hacked.

Fifteen-year-old Black Duck Software Gets Its Exit, Selling to Synopsys for $565 Million

via Tech Crunch: The deal, expected to close next month, reflects the shift in how enterprises buy and deploy software, with software that’s open to change and free to adopt no longer the exception but the rule. In fact, open-source software now makes up more than 60 percent of the code in today’s applications. Synopsys is buying Black Duck to strengthen its ability to push security and quality testing throughout its software’s development life cycle, reducing risk for its customers.

SEC Says Companies Can Expect New Guidelines on Reporting Cybersecurity Breaches

via Wall Street Journal: The agency will probably update directions that it gave to companies over six years ago, before the spate of high-profile breaches, including at the SEC itself and Equifax.
