Software Integrity Blog

Synopsys adds more awards to its 2019 winning streak

Seeker IAST won a Gold International Stevie Award for DevOps Solution, and our Polaris platform won for Software Development Solution.

Continue Reading...

Mobile apps: Insecure by default

There’s a lack of robust mobile app security on billions of devices people carry around. Why is it such a problem, and what can developers do to solve it?

Continue Reading...

Why your SAST tool needs to understand your web framework

Web frameworks can introduce security issues into web applications. Mitigate this risk with a static analysis tool that understands the frameworks you use.

Continue Reading...

[Webinar] Vulnerability reporting alternatives to NVD data feeds

National Vulnerability Database provide valuable information on newly reported vulnerabilities. But there’s a better, faster alternative to NVD data feeds.

Continue Reading...

3 reasons to join us at FLIGHT Boston

At FLIGHT Boston 2019, we’ll have two full-day product training sessions, tracks in AppSec, open source, and DevOps and cloud, and plenty of networking.

Continue Reading...

Review of Apache Struts vulnerabilities yields 24 updated advisories

We found that 24 Apache Struts Security Advisories incorrectly list impacted versions and that previously disclosed vulns affect an additional 61 versions.

Continue Reading...

[Infographic] Financial cybersecurity by the numbers

A recent report on financial cybersecurity practices found that while organizations are aware of risks, they need more resources to address those risks.

Continue Reading...

The license and security risks of using Node.js

The use of Node.js is rising. But many organizations don’t know about the potential license and security risks that Node.js can pose for their applications.

Continue Reading...

[Webinars] DevOps, security tool abuse, Coverity and Threadfix

Practice DevSecOps with automated continuous testing, defend your apps from security tool misuse, and learn how Coverity and ThreadFix enable developers.

Continue Reading...

Financial services cybersecurity still porous: Report

A new financial services cybersecurity report reveals an industry aware of online threats but not doing enough to protect its systems, networks and data.

Continue Reading...