Software Integrity Blog

How to cyber security: Faceplanting in 10 lines of code

Failure to address security early in the software development life cycle can increase business risks. Learn how a proactive, holistic approach helps achieve more-secure software.

How to evaluate the ROI of your software security program

The ROI of software security is difficult to calculate when the goal is to avoid a breach. Learn where to look for ROI in an AppSec program to maximize your investment.

Demystifying CVSS Scoring

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

Assessing design quality for better software due diligence

Design quality audits are sometimes overlooked in software due diligence, but they are vital to understanding the overall health of a company’s software system.

Forrester recognizes Synopsys as a leader in static application security testing

We’re proud to announce that Synopsys has been named a leader in The Forrester Wave™: Static Application Security Testing, Q1 2021. Find out why.

What is the cost of poor software quality in the U.S.?

The total cost of poor software quality in the U.S. is estimated at $2.08 trillion. Learn what contributes to the cost and how security can help minimize errors.

Don’t get overwhelmed with trivial defects. Manage them!

Misuse of security tools can lead to defect overload for development teams. Knowing when and how to use these tools will yield more effective DevSecOps.

AppSec Decoded: Threats to IoT devices and the role of government regulation

Our latest AppSec Decoded video addresses the biggest threats to IoT devices and the role governments should play in IoT regulation.

DevSecOps: The good, the bad, and the ugly

DevSecOps offers benefits—but it also has its challenges. Learn why companies are making the shift and why it’s not always easy.

CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

CVE-2020-28052 is an authentication bypass vulnerability discovered in Bouncy Castle’s OpenBSDBcrypt class. It allows attackers to bypass password checks.
