AI isn’t just changing how we code—it’s rewriting the rules of application security. See what BSIMM16 reveals about AI’s impact on AppSec priorities. https://jpmellojr.blogspot.com/2026/02/bsimm16-confirms-it-ai-redefines-appsec.html #AppSec #AISecurity #BSIMM16 #DevSecOps #BlackDuck
Open-source vulnerabilities are surging as AI-generated code floods repos, putting the software supply chain under new pressure. https://jpmellojr.blogspot.com/2026/02/ai-coding-boom-drives-surge-in-open.html #OpenSource #AIcoding #DevSecOps #OSS #BlackDuck
Black Duck: AI coding demands modern supply chain governance

According to Black Duck, supply chain governance must be modernised as rapid development from AI coding tools outpaces current approaches.

Developer Tech News

I work with #FOSS IPR and licence checks sometimes. Now that #BlackDuck utilizes #AI extensively for assessing the open-source dependencies, the reliability of its reports has dropped to zero.

It hallucinates random Java, Python, RPM and other stuff as being your #go code's dependencies. 🤪 Also, you can get a random unmaintained helloworld repo as a project "you derived yours from" or an "unmarked dependency" because it is nothing but a single go file, two lock files and a README.md, and your project happens to have the last three out of those four, making a 75% match. 🤦 Yes, the content is different, you may have 172 other files, but these 3 matches cannot be a coincidence...

Yesterday, I saw a duck that I didn't recognize... apparently it's a hybrid between a black duck and a mallard! It's a hybrid between a black duck and a mallard! At Mud Lake, Ottawa.

Nikon D850, Sigma 300-800, f/8, 1/1250s, iso 500 processed in #darktable.

#hybrid #mallard #blackduck #ducks #birds #canards #photography #birdphotography #nature
Unmanaged Open Source Components Pose Serious R... » ADMIN Magazine

Open source software offers many benefits but, without proper management, can also involve “widespread vulnerabilities, license conflicts, and main...

ADMIN Magazine
Is it a liability? Or is it a strength and a COSS opportunity?

On February 25, Black Duck released its tenth annual Open Source Security and Risk Analysis (OSSRA) report. The OSSRA “examines vulnerabilities and license conflicts found in over 950 codebas…

Chinstrap Community
Why You Need To Bake Security Into Your CI/CD Pipelines

Continuous Integration and Continuous Deployment (CI/CD) pipelines have become an indispensable part of the software delivery process. These pipelines enable rapid iteration, automated testing, and…

DevOps By Nature

Slightly sweary rant on the worst thing I ever had to do as a software engineer: manually auditing and confirming the licences of 2500+ npm packages. …

Four Months of Software Licensing Hell https://aceade.net/2025/02/02/four-months-of-software-licensing-hell/

This is why I hate JavaScript development.

#BlackDuck #burnout #JavaScript #npm #SoftwareDevelopment #SoftwareLicencing #venting

Discover the latest trends in software security with BSIMM15. Learn about the importance of SBOMs, AI security, and modern tooling. https://jpmellojr.blogspot.com/2025/01/bsimm15-shines-light-on-compliance-and.html #BSIMM15 #SoftwareSecurity #AI #BlackDuck #AppSec
BSIMM15 shines light on compliance and AI security — but updating tooling is key