A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for Application Security Testing
via Synopsys Software Integrity blog: I’m proud to report that the 2018 Gartner Magic Quadrant for Application Security Testing has positioned Synopsys as a leader for the second consecutive year. This designation clearly illustrates our growing vision and ability to execute on our solutions. For more information, download your copy of the 2018 Gartner Magic Quadrant for Application Security Testing.
via Silicon UK: “In general, we support initiatives like GitHub’s Security Alerts as they aim to help open source project teams produce more secure code,” explained Tim Mackey, technology evangelist at open source code security experts Black Duck by Synopsys. “Open source is pervasive and it plays an increasingly critical role in the software ecosystem, so any measures that bolster open source security should be applauded,” he added. It should be noted that Black Duck by Synopsys does provide a similar free service for open source project teams called CoPilot.
via Infoworld: Over the last decade, Black Duck by Synopsys has recognized some of the most innovative and influential open source projects launched each year. This recognition is a tribute to the success and momentum of these projects, and affirmation of their prospects going forward. We’ve seen honorees like Kubernetes (2014), Docker (2013), Ansible (2012), Bootstrap (2011), NuGet (2011), and OpenStack (2010) evolve to become some of the most influential open source projects in the market. We expect this year’s rookies to be no exception.
via SD Times: Synopsys is continuing on with Black Duck’s tradition of naming Open Source Rookies of the Year. The decade-long tradition was established by Black Duck and designed to recognized the latest and greatest open-source projects. Synopsys announced it had acquired Black Duck Software in December of last year. The Open Source Rookies represent the top open source projects that were initiated in 2017. The projects cover a range of different areas including autonomous driving, scalable blockchain, and virtual network functions orchestrations, personal security, and relationship management.
via Synopsys Software Integrity blog: At Black Duck by Synopsys, we work with the community and organizations to understand how the open source community is thinking about technology and the future. As part of that process, we view our connection to the open source community as a key component to understanding both where the development community is and where the open source community is moving next.
via Black Duck blog: 2018 is the Rookies report’s 10th anniversary, and this year’s honorees exemplify the core tenets of open source. They push the boundaries of technological innovation, build on the contributions of projects before them, lay the foundation for projects that succeed them to innovate, and engage the community for material contributions to—and strategic guidance on—the projects themselves.
via Data Center Knowledge: Even commercial software is not immune to the open source trend. According to Synopsys-owned Black Duck Software, which tracks open source code, open source components are now present in 96 percent of commercial applications. Open source components make development faster and cheaper for both commercial software shops and in-house teams. "All of these things lead to a stack of open source," said Tim Mackey, senior technical evangelist for Black Duck. But there's a downside to the spread of open source code, and that downside is patch management.
via Linux Foundation: Banking, Commerce, Media, Agriculture, Energy and other massive industry sectors are wholly dependent on the widespread use of open source software to function. Of course, each industry is different and faces its own set of unique challenges and requirements. In particular, the automotive industry is rightfully cautious about all software, not just open source. However, the industry has come to trust proven platforms that have shown results over time, rather than novel capabilities.
via Black Duck blog: Open source voting applications are already playing a role in elections in New Hampshire. San Francisco, Los Angeles, and Travis County, Texas are allocating funds to move toward open source voting systems as well. If the FEC does replace proprietary software with open source, it should consider automated security tools in addition to the open source community to provide a more complete application security picture.