@niane profile picture
Aliou Niane @niane

Prefer the free world!

Joined June 2008
  • Tweets 3,645
  • Following 1,006
  • Followers 650
1,196 Photos and videos
"The report's thesis is clear: Organizations need governance to unlock AI's true potential. Without it, the hours developers save each week are swallowed by the manual chaos of downstream testing and rework." 👉 bit.ly/4ebJqbt #BlackDuck sprou.tt/1xcolCRMiSG

Why Code Velocity Calls for Ruthless AI Governance

Black Duck research shows that while AI adoption has fundamentally solved the code production bottleneck, it has also broken the code review pipeline.

secureworld.io
1
2
0:05
"The future of AppSec won’t be defined by fear of AI-generated code. It will be defined by how organisations contextualise risk, scale judgment, and support faster decisions." Black Duck's Andrew Bolster on the impact of AI on AppSec. #BlackDuck sprou.tt/1OUl5KYtuP7

"AI didn’t invent new classes of risk. It poured fuel onto existing ones."

Dr Andrew Bolster sets out new security approaches that respond to the accelerating pace of AI-enabled software development.

machine.news
1
1
26
Black Duck is proud to be the Gold Sponsor at the 3rd Edition India DevSec Show 2026 in Mumbai. Check out our booth for the Black Duck Polaris™ Platform, where we integrate AppSec to match the speed of AI-powered development. #BlackDuck #IndiaDevSecShow
8
Black Duck's State of AI-Powered Software Development Report is here: ✅ 92% of dev teams report improved productivity with AI coding assistants  🚧 Governance kept pace making it the industry's most urgent problem right now bit.ly/3SdKqEG #AICodeSecurity #BlackDuck
4
The campaign represents a shared failure of controls across the entire mobile ecosystem and is more than just a simple user awareness issue said Vineeta Sangaraju, AI research engineer at Black Duck. #BlackDuck #MobileSecurity #InfoSec sprou.tt/1VyFVTuccf7

Fake Android Apps Commit Carrier Billing Fraud

The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions.

darkreading.com
5
Martin Hester, head of EMEA partner sales at Black Duck, argues that partners should focus on embracing automation to handle the mechanics and focus the human element on interpretation, prioritisation, reassurance and strategic alignment. sprou.tt/1bsVe24pBCx

The need for the human touch in an AI-dominated world | Microscope

Even in the age of artificial intelligence, the great strength of the channel – people selling to people – remains as important as ever.

computerweekly.com
5
Boris Cipot, Principal Security Engineer at Black Duck, spoke to Computing today about the GitHub breach, in which a poisoned VS Code extension led to the theft of data from thousands of the platform's internal repositories. #BlackDuck #AppSec #GitHub sprou.tt/1BysdPfixe5

GitHub confirms major breach linked to poisoned VS Code extension

Hackers have stolen data from thousands of GitHub's internal code repositories after compromising an employee's device through a malicious extension for Visual Studio Code.

computing.co.uk
1
31
Black Duck's Phil Odence speaks with International Security Journal on the impact of AI on open source. 👉 Read the full article: bit.ly/4nHg758 #BlackDuck #InternationalSecurityJournal sprou.tt/1bGHyBdfE6B

Open source isn’t retreating - it’s growing up

International Security Journal hears exclusively from Phil Odence, General Manager of Black Duck about open source security.

internationalsecurityjournal.com
1
6
“Threat actors like TeamPCP deliberately target trusted tools, open-source packages, and developer workflows because they provide indirect access to many downstream environments.” - Black Duck's Boris Cipot #BlackDuck sprou.tt/1yZwyZlBMjI

GitHub breach: The development ecosystem is in the hot seat | RL Blog

This TeamPCP attack is a serious wakeup call about software supply chain security — and the problems with implicit trust.

reversinglabs.com
32
Christopher Jess, senior R&D manager at Black Duck on the AI problem in financial institutions. Read more: bit.ly/4vfguGG sprou.tt/1iT2SC7oo2x

Shadow AI Is Already Inside Financial Services, Whether You Like It or Not - ISMS.online

What can be done to regain control as the financial industry’s shadow AI issue gets worse?

isms.online
8
AppSec needs context - not noise. We’re at Infosecurity Europe June 2–4 showing what agentic AI AppSec looks like in practice. Stop by booth C110. Coffee’s on us. sprou.tt/1ljaXL6sbvP

Register your interest

infosecurityeurope.com
15
2
DevOpsCon Berlin is almost here. Find Black Duck in the Expo Area, and come talk DevSecOps, software security, AI, and compliance with our experts. 👉 Visit our booth. sprou.tt/1J8KN1fvVUh
8
Collin Hogue-Spears from Black Duck, says: “Vulnerability exploitation topped the DBIR because AI-accelerated attacks outrun patching. AI did not create that gap. AI erased the head start defenders used to have." #BlackDuck sprou.tt/1qBkTWF1wgB

Verizon DBIR 2026: What The Experts Are Saying 

Hear from several security experts to get their views on the DBIR and what it means for today's businesses. Read more...

informationsecuritybuzz.com
9
Robert Coles, senior manager of threat intelligence security at Black Duck, said from a defensive standpoint, this reinforces the need to maintain strong baseline configurations ensuring that foundational controls remain enabled. #BlackDuck sprou.tt/1cKudaWvHCx

Critical bug in F5 NGINX actively exploited

Experts raise concerns because NGINX runs in front of one-third of al website worldwide.

scworld.com
1
14
In this on-demand webinar learn how to turn SAST into an enforceable, audit-ready control that fits inside real engineering environments without grinding developer velocity to a halt. 🎥 Watch now → bit.ly/49JspnG #SAST #AppSec #BlackDuck
41
“Defenders should shift macOS detection from file signatures to behavior, because Reaper executes through legitimate Apple tools and drops no obvious malicious app for a scanner to catch,” said Collin Hogue-Spears.  #SHub #Reaper #BlackDuck sprou.tt/1EsRoPAtWLM

SHub Reaper impersonates Apple, Google, and Microsoft in one MacOS attack chain

The latest SHub macOS infostealer variant abandons Terminal-based ClickFix tactics for AppleScript execution, using fake Apple, Google, and Microsoft branding to steal credentials, crypto wallets,...

csoonline.com
31
In this demo, see how Black Duck Code Sight integrates directly into your IDE to identify vulnerabilities, license risks, and insecure coding patterns as you write.  👉 Watch the demo: bit.ly/4nsayar #Cursor #AICodeSecurity sprou.tt/1jxBXTRcc2l

Securing AI‑Generated Code with Cursor and Black Duck Code Sight

AI coding assistants can dramatically accelerate development—but th...

youtube.com
24
sprou.tt/14c7R9YOswK

What Security Leaders Say About the First AI-Developed Zero-Day Exploit

Security leaders discuss the first AI-created zero-day exploit. 

securitymagazine.com
1
Load more