Software Integrity

Now more than ever, deciding on a career is a daunting prospect. Yes, unemployment’s at a record low, and new jobs will inevitably replace whatever jobs are lost to “progress.” But those seeking new careers now have to consider that their next career will probably not be their last one. Between artificial intelligence, robots, and […]

Continue Reading...

In early October, we released the latest version of the BSIMM report, BSIMM9. While many things about the report haven’t changed much, it’s the new things that make it really exciting. After 10 years of study and 167 total firms measured, we’re seeing interesting trends in the state of software security initiatives and how firms […]

Continue Reading...

The original version of this article was published in Forbes. “Smart but insecure” sounds like you’re talking about a high achiever who needs therapy. Which you could be. But in the online world, it applies to semi-animate objects—the hundreds of millions of devices in American homes that are, at one level, smart. They range from […]

Continue Reading...

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Remote robbery by Hidden Cobra, a breach by any other name, and facing down the Fourth and Fifth Amendments. Watch this week’s episode here: Hidden […]

Continue Reading...

The world looks different when you’re in the cloud. As you move to a cloud environment from an on-premises environment, you’ll encounter a whole new set of processes and demands. Access expands. Responsibilities change. Control shifts. The speed of provisioning resources and applications increases. And these changes significantly affect all aspects of IT security. Security […]

Continue Reading...

The original version of this article was published in Forbes. We’re all familiar with saber rattling. But this is the digital age. Welcome to the world of cyber rattling. This version of it comes in two policy papers from the U.S. government: the White House Cyber Policy and the Department of Defense (DoD) Cyber Strategy. One of […]

Continue Reading...

October is National Cybersecurity Awareness Month. By now you’ve heard a story—or you have a story—about someone mentioning a product casually in a conversation and later seeing an online ad for the product. Once is coincidence. Twice is surprising. But every other day? How do web and mobile ads somehow seem to know what your […]

Continue Reading...

Automation in the cloud can help you build faster and deliver continuously, but it can also make managing security a challenge. By integrating Black Duck by Synopsys with the development tools you use in Amazon Web Services, you can scan images in your container registry, automate build scans in your CI pipeline, and stay notified […]

Continue Reading...

The use of open source has surpassed the occasional and solidified itself as the standard. In fact, the Black Duck by Synopsys 2018 Open Source Security and Risk Analysis found that 96% of the applications we scanned last year contained open source components. It’s increasingly difficult to properly manage open source in an organization to ensure […]

Continue Reading...

Every organization that develops or integrates software needs a software security initiative (SSI)—that has been true for years. Security is, or ought to be, as important as function and features. What is also true now, given that the large majority of organizations have already migrated or are planning to migrate some or all of their […]

Continue Reading...