Black Duck

What 2024 taught us about security vulnerabilties
From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical …

Critical vulnerabilities persist in high-risk sectors
Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest …

Open source security: The risk issue is unpatched software, not open source use
Many of the trends in open source use that have presented risk management challenges to organizations in previous years persist today. However, new data also suggest that an …

The percentage of open source code in proprietary apps is rising
The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging …

Preventing good containers from going bad
Containers go bad everyday, and often without warning. All it takes is one CVE impacting an image, and now all containers deployed using this image are at an increased level …

Organizations are not effectively dealing with open source security threats
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & …
Featured news
Resources
Don't miss
- Threat actors are using legitimate Microsoft feature to compromise M365 accounts
- North Korean hackers spotted using ClickFix tactic to deliver malware
- Sandworm APT’s initial access subgroup hits organizations accross the globe
- PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)
- The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance