Software Integrity

Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts. Tracking open source can be difficult in containerized production environments, which pose new challenges to application security. Organizations need visibility into the open […]

Continue Reading...

Synopsys is well-known for our software integrity portfolio: integrated testing tools, managed services, professional services, and developer education. But products, services, and training aren’t all we offer. We also perform hundreds of Black Duck On-Demand open source audits every year. And all that audit data fuels the open source security research and vulnerability analysis we […]

Continue Reading...

Hacking Security is a monthly podcast on emerging trends in application security development. What is Hacking Security? Episode 1 covers how we came up with the name “Hacking Security.” Why did we decide on this name? Take five minutes to learn more, or read the transcript below. Follow Steve Giguere on Twitter Read Steve Giguere’s […]

Continue Reading...

This article was originally published in Forbes. The cybersecurity of connected medical devices—notoriously poor for decades—should finally start to improve. That is genuinely good news. But it is tempered by the reality that it will not happen quickly. The long-overdue change is coming thanks to the federal Food and Drug Administration’s (FDA) announcement in June that it […]

Continue Reading...

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? CamuBot malware is the new kid on the block, the sounds of hacking (SonarSnoop), and back to the government’s wish for chat backdoors. Watch this […]

Continue Reading...

According to privacy advocates, Google has a problem with truth in labeling. No, not about its surreptitious tracking of users who have turned their Location History off, which has sucked up most of the headline space over the past few weeks. This is about the rollout of their allegedly “confidential” Gmail feature. Confidential mode doesn’t […]

Continue Reading...

Development and operations teams have already come a long way by aligning around the shared goal of delivering stable, high-quality software quickly. They’ve automated manual processes and built tools into continuous integration and continuous delivery (CI/CD) pipelines. In doing so, they’ve increased trust between groups, which is essential as these once-disparate teams tackle critical issues […]

Continue Reading...

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup. What’s in this week’s Security Mashup, you ask? Fixing the CVE program, your personal data has already “checked out,” and it even “may potentially” have taken flight. Watch this week’s episode below to […]

Continue Reading...

“Leaky” is almost never a good thing. The whole idea, in just about any case, is to make things that don’t leak and to plug things that do. And that’s true of cyber security, as demonstrated by a couple of recent incidents involving leaky APIs (application programming interfaces). Hacked at Black Hat A couple of […]

Continue Reading...

“You can pay (a little) now or you can pay (a lot) later” is a very old line—a pitch for oil filters almost 40 years ago. Unfortunately, it remains relevant in cyber security, especially when it comes to ransomware. And especially when that ransomware is the potent, pernicious SamSam. The “trade-off” is stark: You can […]

Continue Reading...