Black Duck is now a part of Synopsys, with the acquisition complete this week. Dr. Andreas Kuehlmann, General Manager of the Synopsys Software Integrity Group, provides some background on how Synopsys and Black Duck joining forces will enhance the company’s efforts in the software security market by broadening our product offering and strengthening the Software Integrity Platform.
Tim Mackey, technical evangelist for Black Duck, tackles the tricky issue of container security. Mike Pittenger, vice president of security strategy for Black Duck, discusses open source security, the Equifax breach, OpenSSL and Heartbleed, and why a “software parts list” will become increasingly important to organisations wanting to stay secure.
This week’s open source security and cybersecurity news follows in Open Source Insight.
Open Source Insight: Black Duck Now Part of Synopsys, Tackling Container Security
Fred Bals | Senior Content Writer/Editor
2. Cybersecurity News This Week
3. Open Source News
• Tackling Security with Container Deployments
• 10 Open Source Predictions for 2018
• Application Security in the Age of Open Source
• The Rise (and Rise) of Open Source Software and the Need for Effective Security
• 6 DevSecOps Best Practices: Automate Early and Often
• The Hidden Costs of Open Source Security Software
4. More Open Source News
• Synopsys Boosts Portfolio With Black Duck Software Buyout
• Synopsys Strengthens Software Integrity Platform with Black Duck Acquisition
• Tackling Security With Container Deployments
• Black Duck Takeover Named Deal of the Month
• Regulatory Compliance and the Need for Security
• Synopsys a Leader in the Forrester Wave: SAST
5. Tackling Security with Container Deployments
via Container Journal: Tim Mackey, technical evangelist for open source security company Black Duck, explains why development teams must be able to find security vulnerabilities in the development environment, and why operations teams need to have the same insight to prevent insecure containers from becoming a danger in production.
6. 10 Open Source Predictions for 2018
via ITWeb: Black Duck says that while almost everyone uses open source – it's currently found in around 95% of applications – this figure is likely to edge closer to 100% by the end of 2018.
7. Application Security in the Age of Open Source
via Security Intelligence (On-demand Webinar): Hear IBM and Black Duck present an educational webinar on what it takes to keep your apps safe in the age of open source.
8. The Rise (and Rise) of Open Source Software and the Need for Effective Security
via ITProPortal: Mike Pittenger, vice president of security strategy for Black Duck Software, discusses open source security, the Equifax breach, OpenSSL and Heartbleed, and why a “software parts list” will become increasingly important to organisations wanting to stay secure.
9. 6 DevSecOps Best Practices: Automate Early and Often
via Tech Beacon: Despite growing concerns about the risks of using third-party software components, enterprises are using more open-source software in applications, not less, according to a survey Black Duck Software conducted early in 2017.
10. The Hidden Costs of Open Source Security Software
via Information Week: Open source software, such as the Linux OS, the WordPress CMS, and thousands of different cyber security tools, has exploded in popularity. Black Duck’s 2017 Open Source 360° survey found that 90% of organizations use open source software, and 60% of respondents reported that the use of their organization's open source software had increased over the previous year.
11. Synopsys Boosts Portfolio With Black Duck Software Buyout
via NASDAQ: Synopsys, Inc. (SNPS) recently completed the acquisition of Black Duck Software announced in November. Black Duck is a provider of solutions related to security and management of open source software. The deal was valued at $547 million net of cash acquired.
12. Synopsys Strengthens Software Integrity Platform with Black Duck Acquisition
via Black Duck Blog (Dr. Andreas Kuehlmann | General Manager Software Integrity Group, Corporate Staff Synopsys): Today, Synopsys completed the acquisition of Black Duck Software, a well-respected, established leader in Software Composition Analysis (SCA), which helps organizations identify open source components in their software and check those components for known security vulnerabilities. The two companies are strategically aligned, with a shared vision of building security and quality into the software development life cycle and across the cyber supply chain. Black Duck will enhance our efforts in the software security market by broadening our product offering and strengthening the Software Integrity Platform.
13. Tackling Security With Container Deployments
via Information Age: The most effective and proactive way of controlling that security risk is by finding and removing vulnerabilities in the base image.
14. Black Duck Takeover Named Deal of the Month
via Insider Media: The acquisition of Black Duck Software, which has operations in Belfast, by a Nasdaq-listed counterpart in a transaction worth $547m (£411m) has been named Insider's Deal of the Month.
15. Regulatory Compliance and the Need for Security
via Black Duck Blog (Chris Zybert): At Black Duck FLIGHT 2017 Mike Pittenger, VP of Security Strategy, presented a session called "Equifax, the FTC Act, and Vulnerability Scanning." In an environment as fast-paced as application development, understanding how regulations are evolving, and how compliance with them impacts software developers, is a daunting task.
16. Synopsys a Leader in the Forrester Wave: SAST
via Synopsys: According to The Forrester Wave™: Static Application Security Testing, Q4 2017, SAST remains critical to eliminate proprietary software vulnerabilities so attackers can’t exploit them in production. See why Synopsys was named a Leader in the Wave.