Our Blog
Recent Posts
Former-developers Code Ownership: Governance’s First Enemy
Identifying former developers and their code contributions. Former developers are individuals who have left an organization but still hold significant ownership of parts of the codebase they contributed to while employed. Despite no longer being part of the active...
A Technical Due Diligence Guide for Investing in Software Teams
Whether you're performing a routine audit, preparing for a major transformation in your own company, or an investor evaluating a potential partnership, understanding the key components of the technology ecosystem can provide vital insights. This guide will help...
Licensing assessment in Tech Due Diligence: MIT vs GPL vs LGPL vs AGPL vs Mozilla (MPL) vs Apache vs BSD
In today’s software landscape, open-source software (OSS) has become an integral part of development practices, offering developers access to a vast array of libraries, frameworks, and tools. However, using open-source code comes with legal obligations, specifically...
Understanding Software Bill of Materials (SBOM): A Crucial Tool in Software Supply Chain Security
Managing and securing code involves more than just internal development processes. With software increasingly relying on third-party libraries, open-source components, and cloud-based services, understanding the entire software supply chain has become essential. This...
Static Application Security Testing (SAST): Is the team careful writing the code?
When building secure software, one of the key factors that can make or break a system is the care taken during the code-writing process. Static Application Security Testing (SAST) is designed to catch potential vulnerabilities early in the development cycle, ensuring...
Types of Security Testing in Technical Assessment and Due Diligence: SCA vs SAST vs DAST
This post is also available as a podcast on Spotify and YouTube. Imagine you’re tasked with assessing the structural integrity of a building that has already been built or is still in the process of construction. The challenge is to ensure that the building is safe,...
Dynamic Application Security Testing (DAST): How Safe is Your Application in Action?
In the world of software security, understanding how your application behaves in real-world conditions is critical. Dynamic Application Security Testing (DAST) is designed to do exactly that: it tests your running application for vulnerabilities by simulating attacks....
Software Composition Analysis (SCA): How secure are the dependencies?
This post discusses Software Composition Analysis (SCA), a security test focused on identifying vulnerabilities and licensing issues in third-party libraries and dependencies. It highlights how SCA fits into security testing alongside SAST and DAST, and outlines actions like upgrading, replacing, or patching insecure components to protect your software. Continuous monitoring is emphasized to maintain security over time.
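The SBOM and SCA posts above describe the idea (inventory your third-party components, then match them against known vulnerabilities and license obligations) without showing the mechanics. The following is an added example, not code from this blog or from any SCA product: a minimal SCA pass over a CycloneDX-shaped SBOM. Both the SBOM fragment and the advisory feed are constructed sample data, the advisory identifiers (ADV-0001 and so on) are not real CVEs, and the copyleft review list is a hypothetical policy; only the CycloneDX field names (`bomFormat`, `components`, `purl`, `licenses`) follow the real spec.

```python
"""Minimal SCA pass over a CycloneDX-style SBOM (constructed sample data)."""
import json
import re
from dataclasses import dataclass

# Constructed SBOM fragment in the CycloneDX JSON shape. Only the fields read
# below are included; a real SBOM carries metadata, hashes, dependency graph.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "requests", "version": "2.25.1",
         "purl": "pkg:pypi/requests@2.25.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "pyyaml", "version": "5.3",
         "purl": "pkg:pypi/pyyaml@5.3",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "leftpad-clone", "version": "1.0.0",
         "purl": "pkg:pypi/leftpad-clone@1.0.0",
         "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
        {"type": "library", "name": "urllib3", "version": "1.26.18",
         "purl": "pkg:pypi/urllib3@1.26.18",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
})

# Constructed advisory feed (hypothetical IDs, not real CVEs). Each entry
# names the package, the first affected version, and the first fixed version.
ADVISORIES = [
    {"id": "ADV-0001", "package": "requests", "introduced": "2.0.0", "fixed": "2.31.0"},
    {"id": "ADV-0002", "package": "pyyaml", "introduced": "0", "fixed": "5.4"},
    {"id": "ADV-0003", "package": "urllib3", "introduced": "1.0", "fixed": "1.26.5"},
]

# Hypothetical policy: copyleft licenses that need a legal review before shipping.
COPYLEFT_REVIEW = {"GPL-2.0-only", "GPL-3.0-only", "AGPL-3.0-only", "LGPL-3.0-only"}


@dataclass(frozen=True)
class Finding:
    component: str
    version: str
    kind: str     # "vulnerability" or "license"
    ref: str      # advisory id or SPDX license id
    action: str   # recommended remediation


def parse_version(version: str) -> tuple:
    """Dotted numeric versions only; non-numeric suffixes ('1.0rc1') are truncated.
    Real SCA tools apply ecosystem rules (PEP 440, semver); this is a simplification."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed (half-open range, as in OSV)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def scan_sbom(sbom_json: str, advisories=ADVISORIES, review_licenses=COPYLEFT_REVIEW):
    """Return findings for vulnerable versions and licenses that need review."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % bom.get("bomFormat"))
    findings = []
    for comp in bom.get("components", []):
        name, version = comp["name"], comp["version"]
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append(Finding(name, version, "vulnerability", adv["id"],
                                        "upgrade to >= %s" % adv["fixed"]))
        for entry in comp.get("licenses", []):
            lic_id = entry.get("license", {}).get("id")
            if lic_id in review_licenses:
                findings.append(Finding(name, version, "license", lic_id,
                                        "review obligations or replace component"))
    return findings


if __name__ == "__main__":
    for f in scan_sbom(SAMPLE_SBOM):
        print("%-13s %-8s %-13s %-14s %s" % (f.component, f.version, f.kind, f.ref, f.action))
```

On the sample data this flags `requests` and `pyyaml` as vulnerable (their versions fall inside the half-open affected ranges), flags `leftpad-clone` for AGPL review, and leaves `urllib3` alone because 1.26.18 is past the fix. The point the SCA post makes about continuous monitoring falls out of the design: the SBOM stays fixed while the advisory feed changes, so the same scan re-run against tomorrow's feed can produce new findings with no code change.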
Code Governance and Ownership assessment
Effective code governance and ownership are crucial for the success of any software project. Clear ownership structures, whether at the company, team, or module level, ensure accountability, streamline decision-making, and mitigate risks associated with abandoned or poorly maintained code.