Software Integrity

The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of impact. Let’s look back at some of the security news from 2017. Record number of vulnerabilities: The number of publicly disclosed vulnerabilities in 2017 far exceeds the number […]

Synopsys recently conducted a survey of 274 respondents to identify the role that security plays within organizational development teams. Participants represented a variety of job functions, including software developers, software engineers, quality assurance, software security, and audit/compliance team members. Responses are equally represented for companies under 1,000 employees and companies with 1,000+ employees. Here are […]

In July 2017, PayPal completed its acquisition of TIO Networks for $238 million. TIO Networks, a multichannel payment processor, serves over 16 million consumer bill pay accounts and offers solutions for payment services to financially underserved consumers and consumer services. Fast-forward to Nov. 10, 2017, when PayPal announced the suspension of TIO Networks’ operations due […]

A new Synopsys survey reveals that customer-facing web and mobile applications are the top security challenge for IT professionals in Asia. From Sept. 19 to 21, 2017, Synopsys conducted a survey at Singapore International Cyber Week (SICW), the region’s most established cyber security event. We spoke to 244 C-level IT professionals, managers, and executives in […]

The definition of responsible vulnerability disclosure varies based on who you ask. Tech goliath Microsoft has openly disagreed with Google on this very topic, as outlined by The Verge. In the vulnerability management industry, discretion is key. Because we’re continuously handling vulnerabilities that can be used maliciously by black hats, there are widespread implications and […]

Over the past few years, we’ve seen a variety of TLS vulnerabilities steadily surface. In general, we brand each one as “just another TLS vulnerability,” but the intricacies of each are rather distinct, though not horribly convoluted. Let’s walk through a few together. 2014: Heartbleed and POODLE. Heartbleed affects the OpenSSL library’s implementation of a […]

Many app developers have questions like “Is the device my app runs on reliable? Is it trustworthy? Could it be ‘rooted’?” Answering questions such as these can be difficult. In an area traditionally dominated by root detection products and DIY techniques, Google attempts to respond to this request: “OK Google, what do you think about […]

In anticipation of Black Friday, we want to help spread awareness of potential security concerns affecting people who either buy or sell products or services through digital means. There are many scams that fraudsters attempt when targeting victims online. Falling for a scam can be as simple as clicking on an email link or visiting […]

Our energy and water infrastructure holds up the world we know, but very few understand how delicate it can be. There is a constant demand to monitor and protect this infrastructure, whose components often have been running nonstop for decades, with few understanding how they work. This hole in the safety net that protects these […]

A 2015 Gartner report estimated that 25% of Global 2000 organizations would be using DevOps and Agile development practices as part of their mainstream strategies by the close of 2016. Our experience with Synopsys customers confirms this prediction has come true. In Agile development, passes through the software development life cycle (SDLC) occur more often […]
