- All Products
- Software Integrity
- Semiconductor IP
- Verification
- Design
- Silicon Engineering
- Application Security Services
- Dynamic Analysis (DAST)
- Mobile Application Security
- Penetration Testing
- Managed Static Analysis
- All Services
- Software Security
- Silicon Design
- Community
- Academic Programs
- Electronic Design
- Optical Design
- Static Analysis
- About Us
< All Products
< All Products
< All Products
< All Products
< All Products
< All Products
< overview
All Products
+ Software Integrity + Semiconductor IP + Verification + Design + Silicon Engineering + Optical Solutions< Software Integrity
< Software Integrity
Application Security Services
Dynamic Analysis (DAST) Mobile Application Security Penetration Testing Managed Static Analysis< Software Integrity
< Software Integrity
< Software Integrity
Blog
< Software Integrity
Support
< overview
Software Integrity
+ Application Security Products + Application Security Services + Resources + Training & Education Blog Support< Semiconductor IP
< Semiconductor IP
Memories & Libraries
Logic Libraries Memory Compliers Duet Packages HPC Design Kit Embedded Test & Repair Non-Volatile Memory< Semiconductor IP
< Semiconductor IP
Processor Solutions
ARC Processors Embedded Vision Processors Development Tools Operating Systems Ecosystems ASIP Tools< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< Semiconductor IP
< overview
< Verification
< Verification
< Verification
< Design
< Design
< Design
< overview
< Silicon Engineering
< overview
< main menu
< Solutions
< Solutions
Industry Solutions
Automotive Cloud Computing Financial Services Industrial Controls Systems Healthcare Mobile Devices< Solutions
< overview
< All Services
< All Services
< All Services
< overview
< Software Security
Software Security Professional Services
Embedded Software Testing Insider Threat Detection Red Teaming Secure Coding Guidelines Software Architecture & Design Thick Client Testing< Software Security
Managed Services
< Software Security
Program Development & Design
Maturity Model (BSIMM) Maturity Action Plan (MAP) Policies & Standards Security Metrics Software Security-in-a-Box< Software Security
< Software Security
Support
< overview
< Silicon Design
< Silicon Design
< Silicon Design
< Silicon Design
< main menu
< Community
Community
Community Overview< Community
< Community
< Community
Interoperability
ARC Access HAPS Connect HSPICE Integrator In-Sync System-Level Catalyst TAP-in VC Apps Access< Community
< Community
< Community
< overview
Community
+ Community + SNUG + Partners + Interoperability + Academic Programs + Company Blogs + BSIMM< About Us
< About Us
< About Us
< About Us
< About Us
Software Security
Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]
Adding communications to cars and the transportation infrastructure provides cool new services (e.g., safe driving, faster transit times, etc.). From a security perspective, it also widens the threat landscape. Potentially, a bad actor sitting along the roadside with wireless access might be able to mess with the internal workings of your car or the traffic lights […]
We’re excited to announce that the Synopsys Software Integrity Group was selected as the winner in the Threat Intelligence Management category for the 2017 NetworkWorld Asia Information Management Awards. Why is this award important? Attacks today are continuously advancing in sophistication, persistence, and volume. This results in an unmanageable stream of inconsistent, contradictory threat data […]
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report produced with VDC Research entitled “Skyrocketing Costs of Aerospace & Defense Systems Failure Fuel […]
For years, free and open source software (FOSS) has a had a negative connotation, with some developers forbidden to use it in final software product releases. The obvious downside in avoiding open source is that organizations run the additional risk of introducing avoidable vulnerabilities. For example, an organization with no cryptographic experience should not be […]
Software developers and information security professionals have almost always been two mutually exclusive groups. However, with the increase in security awareness, developers have started integrating security into the development process. To further bridge the gap between development and security, it is essential for developers to have a good understanding of security principles. In this post, […]
In a new report, Synopsys identifies that 50% of the vulnerabilities found in software today are more than four years old. In almost every case, a newer, more secure version of the vulnerable software component is available. The Synopsys report, The State of Software Composition 2017 uses the Synopsys Software Composition Analysis tool, Protecode SC, […]
Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report: The State of Software Composition 2017. You can always join the discussion by sending us […]
With just one line of code, a malicious attacker can exploit a recently disclosed seven-year-old vulnerability in SAMBA. Known as CVE-2017-7494, the vulnerability affects Linux and Unix systems that: Are running SAMBA 3.5.0 or later Provide file- and printer-sharing on port 445 Are addressable from the internet Contain shared files Include write privileges Involve guessable […]
As a kid, I often traveled by train in India. I always wondered what would happen if I pulled the chain under the sign that read, “To Stop Train, Pull Chain.” My parents warned me that it would cost them a fortune to pay the fine and that I’d be taken away by the police. […]
Categories
- Agile Methodology (17)
- Application Security (162)
- Automotive Security (38)
- CI/CD (2)
- Cloud Security (15)
- Code Review (21)
- Cryptography (1)
- Data Breach (39)
- DevOps (4)
- Dynamic Analysis (DAST) (12)
- Embedded Software Testing (18)
- Ethical Hacking (6)
- Featured (3)
- Financial Services Security (16)
- Fuzz Testing (11)
- Government Security (12)
- Healthcare Security (23)
- Industrial Control System Security (8)
- Insurance Provider Security (3)
- Interactive Application Security Testing (IAST) (2)
- Internet of Things (50)
- JavaScript Security (3)
- Maturity Model (BSIMM) (41)
- Medical Device Security (30)
- Mobile Application Security (44)
- Network Security (26)
- Open Source Security (31)
- OWASP (6)
- Penetration Testing (15)
- Red Teaming (12)
- Secure Coding Guidelines (4)
- Security Architecture (9)
- Security Conference or Event (36)
- Security Metrics (11)
- Security Risk Assessment (33)
- Security Standards and Compliance (21)
- Security Training (38)
- Smart Grid Security (2)
- Software Architecture and Design (13)
- Software Composition Analysis (7)
- Software Development Life Cycle (SDLC) (46)
- Software Security Program Development (37)
- Software Security Testing (200)
- Static Analysis (SAST) (41)
- Threat Intelligence (5)
- Threat Modeling (25)
- Vendor Risk Management (11)
- Vulnerability Assessment (106)
- Web Application Security (50)
Archives