Black Duck Targets Open Source Code Security Flaws

By Tony Bradley, June 6, 2016

Open source platforms and projects offer a wide variety of benefits for organizations and developers, but they can also introduce vulnerabilities if you’re not careful. That’s why Black Duck has released Security Checker, a free tool based on its Hub open source security product, to help you find known vulnerabilities in the open source components your applications ship with so you can fix them before they reach production.

One of the advantages of open source is also a potential concern. Open source software benefits from community cooperation and collaboration: more eyes and more hands contributing to development allow for faster evolution and greater innovation. However, when all of the code is available to the public and any developer can propose additions or changes, there is also an opportunity to introduce problems.

While it is theoretically possible for a malicious developer to intentionally add vulnerabilities or backdoors, the collaborative nature of open source projects actually makes that less likely, since any obvious attempt to insert malicious code stands a good chance of being spotted and rejected by other developers. The "many eyes" of open source development are not infallible, though. Heartbleed is the recent reminder: an ordinary coding mistake in OpenSSL, not a deliberate plant, shipped in a widely reviewed library and went unnoticed for roughly two years before its disclosure in April 2014.

Open source projects that are active and properly maintained fix such issues fairly quickly. The problem is that organizations and developers then need an easy way to determine whether their existing applications include the affected component and version, so they can apply the appropriate patches and updates. There are also many open source tools that are no longer actively developed or supported, which means known vulnerabilities in them may never be fixed at all.

Security Checker from Black Duck can help minimize exposure to these risks and give organizations and developers an opportunity to address any known issues. The tool is a drag-and-drop solution that allows you to scan code contained in an uploaded archive file, such as a .tar or .zip file, or in a Docker image. Security Checker then generates a report that shows identified vulnerabilities and security issues.

A recent report from Black Duck found that 67 percent of audited applications contain known open source security vulnerabilities. More than a third of the vulnerabilities identified were classified as “severe.” The most notable finding, however, is that 10 percent of the applications surveyed still contain the Heartbleed vulnerability, which was discovered in April 2014.
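The mechanics behind a scan like the one described above are worth seeing in code. The following is an added example written for this article, not Black Duck's own code: a toy software-composition scanner that takes an uploaded tar archive, inventories bundled components by fingerprinting their version headers, matches each one against an advisory table with affected version ranges, and produces a report. The archive it scans is constructed inline (an app that bundles both a vulnerable and a patched OpenSSL), and the advisory table holds a single real entry, CVE-2014-0160 (Heartbleed), whose affected range, OpenSSL 1.0.1 up to but not including 1.0.1g, is public. A production tool would pull its advisories from a maintained feed and recognize far more than one fingerprint; the example only covers archives, not Docker images.

```python
"""Toy software-composition scan of an uploaded archive (added example).

In miniature, this is what an SCA tool does: walk the archive, fingerprint
bundled components and their versions, match each against advisories that
carry affected version ranges, and report. The archive contents and the
one-entry advisory table are constructed for this example.
"""
import io
import re
import tarfile

# Constructed advisory table. CVE-2014-0160 (Heartbleed) affected OpenSSL
# 1.0.1 through 1.0.1f; 1.0.1g shipped the fix, hence the half-open range.
ADVISORIES = [
    {
        "id": "CVE-2014-0160",
        "name": "Heartbleed",
        "component": "openssl",
        "introduced": "1.0.1",  # inclusive
        "fixed": "1.0.1g",      # exclusive
        "severity": "high",
    },
]

# Upload and per-member read caps: the scanner handles untrusted archives, so
# never read unbounded data from a member (tar bombs). 100MB mirrors the limit
# the article quotes for Security Checker; the 64KB member cap is our choice.
MAX_UPLOAD_BYTES = 100 * 1024 * 1024
MAX_MEMBER_BYTES = 64 * 1024

# Fingerprint for OpenSSL: the version macro in opensslv.h, e.g.
#   # define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e 11 Feb 2013"
_OPENSSLV_RE = re.compile(r'OPENSSL_VERSION_TEXT\s+"OpenSSL\s+([0-9][0-9A-Za-z.]*)')


def version_key(text):
    """Turn '1.0.1e' into a comparable tuple, (1, 0, 1, 5).

    Pre-1.1 OpenSSL appends a patch letter to the last number. 'a' maps to 1,
    'b' to 2 and so on, and no letter maps to 0, so 1.0.1 < 1.0.1a < 1.0.1g.
    Tuples compare lexicographically, so 1.0.2 (1, 0, 2, 0) sorts after 1.0.1g.
    """
    m = re.fullmatch(r"((?:\d+\.)*\d+)([a-z]?)", text)
    if not m:
        raise ValueError("unrecognised version string: %r" % text)
    nums = tuple(int(p) for p in m.group(1).split("."))
    letter = m.group(2)
    return nums + ((ord(letter) - ord("a") + 1) if letter else 0,)


def is_affected(version, advisory):
    """True when introduced <= version < fixed."""
    v = version_key(version)
    return version_key(advisory["introduced"]) <= v < version_key(advisory["fixed"])


def inventory(archive_bytes):
    """Return (component, version, path) for every fingerprint found in the tar."""
    if len(archive_bytes) > MAX_UPLOAD_BYTES:
        raise ValueError("archive exceeds the %d byte upload limit" % MAX_UPLOAD_BYTES)
    found = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            # Streams are read in memory; nothing is extracted to disk, so
            # hostile member paths ("../") cannot escape anywhere.
            if not member.isfile() or not member.name.endswith("opensslv.h"):
                continue
            data = tar.extractfile(member).read(MAX_MEMBER_BYTES).decode("utf-8", "replace")
            m = _OPENSSLV_RE.search(data)
            if m:
                found.append(("openssl", m.group(1), member.name))
    return found


def scan(archive_bytes):
    """Report every component seen and every advisory it matches."""
    components = inventory(archive_bytes)
    findings = []
    for component, version, path in components:
        for adv in ADVISORIES:
            if adv["component"] == component and is_affected(version, adv):
                findings.append({"id": adv["id"], "name": adv["name"], "severity": adv["severity"],
                                 "component": component, "version": version, "path": path})
    return {"components": components, "findings": findings}


def build_sample_archive():
    """Constructed upload: an app bundling a vulnerable and a patched OpenSSL."""
    files = {
        "app/vendor/openssl-1.0.1e/crypto/opensslv.h":
            '# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1e 11 Feb 2013"\n',
        "app/tools/openssl-1.0.1g/crypto/opensslv.h":
            '# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1g 7 Apr 2014"\n',
        "app/main.py": "print('hello')\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, text in files.items():
            payload = text.encode()
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    report = scan(build_sample_archive())
    for comp, ver, path in report["components"]:
        print("component %s %s at %s" % (comp, ver, path))
    for f in report["findings"]:
        print("FINDING %s (%s, %s): %s %s at %s"
              % (f["id"], f["name"], f["severity"], f["component"], f["version"], f["path"]))
```

Run stand-alone, the script inventories both OpenSSL copies and reports a single finding for the 1.0.1e copy under `app/vendor/`; the 1.0.1g copy sits exactly on the fixed boundary and is correctly left out, which is why affected ranges must be stored half-open rather than as "1.0.1 to 1.0.1g".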

“Applications represent the greatest level of risk on the security threat landscape, and we expect that Security Checker scan results will provide an ‘a ha moment’ for many open source users,” said Black Duck CEO Lou Shipley in a press release statement. “Their findings will focus attention on the need to regularly review application code to ensure it’s free of known open source vulnerabilities.”

The process of scanning and generating the report takes about 15 minutes, according to Black Duck, which also noted the maximum file size Security Checker can scan is 100MB.
