Synopsys Moves into Open Source Security with Black Duck Acquisition

Synopsys to Extend Security Offerings into Open Source with Black Duck Software Acquisition

Big news for Open Source Insight’s publisher as electronic design automation (EDA) and semiconductor IP company Synopsys announced its intention to acquire Black Duck Software to extend the firm's product offerings into open source security. This week’s newsletter includes an open letter from Black Duck CEO Lou Shipley on why the Synopsys/Black Duck deal makes sense for both sides as well as for Black Duck customers, partners and employees.

In other open source security and cybersecurity news: Black Duck data scientist Nathan (Yiming) Zhang looks at the ongoing race between hackers and the NVD. Technology evangelist Tim Mackey explains why good containers (sometimes) go bad. Steven Zimmerman shares insights from his recent visit to the Automotive Cybersecurity Summit. And a look into why the future of cybersecurity hangs on automation.

Synopsys to Enhance Software Integrity Platform with Acquisition of Black Duck Software

via Synopsys press release: Synopsys, Inc. (Nasdaq: SNPS) and Black Duck Software, Inc. have signed a definitive agreement for Synopsys to acquire privately held Black Duck, a leader in automated solutions for securing and managing open source software. The addition of Black Duck's highly respected Software Composition Analysis solution will enhance Synopsys' efforts in the software security market by broadening its product offering and expanding its customer reach. 

Saying "Yes" to Synopsys Right Move at Right Time For Black Duck

via Black Duck blog (Lou Shipley): Saying “yes” is in the best interests of our customers, who will have access to a wider array of security solutions from a single trusted vendor; in the best interests of our large and patient investors who funded Black Duck in its earliest days more than a decade ago; and in the best interests of our individual shareholders, the majority of whom are employees.

Black Duck's Open (Source) Truth: 'When Good Containers Go Bad'

via Computer Weekly: Black Duck Software technology evangelist Tim Mackey explains why you need to understand what information attackers use to design their attacks when defending against attack at scale.

How Retailers Must Increase Web Security Before Holiday Shopping

via Security Boulevard: Criminals are expected to try and hijack customer and employee accounts, break into online platforms through code vulnerabilities and launch distributed denial-of-service attacks against shopping websites.

3 Takeaways from the Automotive Cybersecurity Summit

via Black Duck blog (Steven Zimmerman): And then I saw an autonomous vehicle slowing to a stop at a traffic light, turn signal blinking and LIDAR emitter twirling, with a driver sipping coffee and eating a pastry behind the wheel, and realized I was observing the natural extension of the software-enabled trek I’d just completed to the 2017 Automotive Cybersecurity Summit.

SAVE Act Attempts to Bolster Election Security

via Tech Target: Two senators introduced a bipartisan election security bill called the SAVE Act, which aims to improve voting infrastructure and harden state systems against attack.

Open Source Cloud Storage Firm Finds Unsettling Number of Unpatched Instances Online

via Data Center Knowledge: The open source file sharing project scanned the web to find numerous vulnerable and unpatched instances of its software on critical websites.

The Future of Cybersecurity Part II: The Need for Automation

via CSO Online: Vendors are adding open source capabilities to their tools to add much needed IT infrastructure flexibility. The more tools and devices organizations add to their IT infrastructure, the more unique an ecosystem becomes. That is why open source fits more complex environments.

The Race Is On: Do Hackers Publishing Exploits Beat NVD?

via Black Duck blog (Nathan (Yiming) Zhang): Regardless of how long it takes for NVD to process a CVE after first disclosure in other sources, there is a 76.19% chance that an exploit will be publicly available days earlier.

Webinar: Lessons from Equifax: Open Source Security & Data Privacy Compliance


You Can’t Beat Hackers and the Pentagon Moves into Open Source

| Nov 17, 2017

We take a deep dive into security researchers Charlie Miller and Chris Valasek’s keynote at last week’s FLIGHT 2017 conference. What is “Hidden Cobra” and is it targeting US aerospace, telecommunications and finance industries? Both banks and the Pentagon are making big moves into open source. And


It Wasn’t an Equifax Toaster That Stole 145M People’s Personal Data

| Nov 15, 2017

The good news? Bad guy hackers are lazy, and will move on to easier pickings when confronted with good security. The bad news? Good security is often expensive, and not necessarily a cost businesses are enthusiastic about adding to product prices and passing on to customers. Those were key


Black Duck Announces OpsSight for DevOps Open Source Security

| Nov 10, 2017

Continuing a month of major announcements, Black Duck launched its new product, OpsSight — comprehensive, automated open source container security for production environments — at its FLIGHT 2017 user conference in Boston this week. Targeting the production phase of the software development life
