Software Security

Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]

Continue Reading...

Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights […]

Continue Reading...

We’re excited to announce that the Synopsys Software Integrity Group was selected as the winner in the Threat Intelligence Management category for the 2017 NetworkWorld Asia Information Management Awards. Why is this award important? Attacks today are continuously advancing in sophistication, persistence, and volume. This results in an unmanageable stream of inconsistent, contradictory threat data […]

Continue Reading...

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report produced with VDC Research entitled “Skyrocketing Costs of Aerospace & Defense Systems Failure Fuel […]

Continue Reading...

For years, free and open source software (FOSS) has a had a negative connotation, with some developers forbidden to use it in final software product releases. The obvious downside in avoiding open source is that organizations run the additional risk of introducing avoidable vulnerabilities. For example, an organization with no cryptographic experience should not be […]

Continue Reading...

Software developers and information security professionals have almost always been two mutually exclusive groups. However, with the increase in security awareness, developers have started integrating security into the development process. To further bridge the gap between development and security, it is essential for developers to have a good understanding of security principles. In this post, […]

Continue Reading...

In a new report, Synopsys identifies that 50% of the vulnerabilities found in software today are more than four years old. In almost every case, a newer, more secure version of the vulnerable software component is available. The Synopsys report, The State of Software Composition 2017 uses the Synopsys Software Composition Analysis tool, Protecode SC, […]

Continue Reading...

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report: The State of Software Composition 2017. You can always join the discussion by sending us […]

Continue Reading...

With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that: Are running SAMBA 3.5.0 or later Provide file- and printer-sharing on port 445 Are addressable from the internet Contain shared files Include write privileges Involve guessable […]

Continue Reading...

As a kid, I often traveled by train in India. I always wondered what would happen if I pulled the chain under the sign that read, “To Stop Train, Pull Chain.” My parents warned me that it would cost them a fortune to pay the fine and that I’d be taken away by the police. […]

Continue Reading...