Software Integrity

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Ken Modeste of UL at this year’s codenomi-con 2017, held at the end of July at the House of […]

Initially created to support hands-free headsets, Bluetooth in 2017 is far from a simple wireless technology standard. It has evolved into a much different technology than today’s standard Wi-Fi wireless protocols. Researchers Ben Seri and Gregory Vishnepolsky of Armis Labs examine how complicated the Bluetooth implementation has become by navigating the complex protocol implementations in […]

In recent days, more details concerning the Equifax breach have come to light. There’s now speculation that attackers exploited a vulnerability in Apache Struts to steal data. There has also been plenty of speculation regarding the exact vulnerability that may have been exploited.

The Apache Struts theory

The Apache Struts Program Management Committee released a […]

It started with a hackathon

Every once in a while, Synopsys’ R&D teams organize internal hackathons. During one such event concentrating on the security of open source software, Tuomas Haanpää from Synopsys’ Fuzz Testing–focused R&D group decided to run the NFSv3 test suite against the Linux kernel. The results proved to be quite fruitful. Anomalized […]

On Sept. 7, Equifax announced that attackers had stolen information from about 143 million people in the United States. Canadian and U.K. residents’ data was also stolen. However, Equifax has not yet revealed the number of people affected. We do not know the exact vulnerability that was exploited. Equifax stated only that “criminals exploited a […]

Modern mobile device users often have their devices tightly integrated into daily life. From banking apps to social media feeds, these applications are high-visibility targets for hackers and thieves looking to exploit weaknesses or vulnerabilities. By ramping up mobile app security, vendors ensure the safety and security of their users and their infrastructure. […]

Most organizations follow common development processes when creating software. Unfortunately, these processes offer little support to construct secure software as they typically identify security defects in the verification (i.e., testing) phase. Fixing defects that late in the software development life cycle (SDLC) is often quite expensive. A better practice is to integrate security activities across […]

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Chenxi Wang at this year’s codenomi-con 2017, held at the end of July at the House of Blues in Mandalay […]

In software development shops across the world, there is a strong emphasis on quality over security. But these two key practices in the development process are not mutually exclusive. They are, in fact, two sides of the same coin, joined together by their similar processes, artifacts, and goals. These include testing the software for defects, […]

The director of software development comes into your office in a panic. “We’ve got to do MISRA… stat! Legal insists on it; our customers are demanding it.” Your heart sinks. If you’ve ever been to Yosemite, you’ll know there are two ways to the summit of Half Dome: one way has fairly gradual—or at least […]
