Software Integrity

Archive for 2017

 

How can SMBs maximize AppSec returns on an SMB budget?

Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees. Managing an SMB budget Many factors affect […]

Continue Reading...

Posted in Application Security, Cloud Security, Data Breach, Software Security Program Development, Static Analysis (SAST) | Comments Off on How can SMBs maximize AppSec returns on an SMB budget?

 

Open source vulnerabilities: Are you prepared to run the race?

Originally posted on SecurityWeek.  After going through 24 seasons of cross-country, winter track, and spring track with my boys, I fully understand that if you put your toe on the line, you had better be prepared to race, or bad things happen. As the use of open source continues to rise, many organizations are putting […]

Continue Reading...

Posted in Data Breach, Open Source Security, Software Composition Analysis | Comments Off on Open source vulnerabilities: Are you prepared to run the race?

 

Container adoption by the numbers

Organizations today work in a continuous delivery environment, requiring speed and agility in deployment and the ability to monitor applications once deployed. These requirements are accelerating the adoption of containers in the production environment. In October, DockerCon Europe revealed that 24 billion containers have been downloaded. Not surprisingly, there’s been a corresponding 77,000% growth in […]

Continue Reading...

Posted in Application Security, Containers, DevOps, Security Conference or Event | Comments Off on Container adoption by the numbers

 

7 things to consider when transitioning your applications to the Cloud

Written in coordination with Ugochukwu Enyioha Organizations are moving their applications to the Cloud (or using the Cloud as a starting point for application development) at an astonishing rate. According to Forbes, 73% of companies are planning to move to a fully software-defined data center within 2 years. The shift is motivated by three primary […]

Continue Reading...

Posted in Agile Methodology, Cloud Security, DevOps | Comments Off on 7 things to consider when transitioning your applications to the Cloud

 

Top security breaches of 2017 (+2018 cyber security predictions)

The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of impact. Let’s look back at some of the security news from 2017. Record number of vulnerabilities The number of publicly disclosed vulnerabilities in 2017 far exceeds the number […]

Continue Reading...

Posted in Application Security, Data Breach | Comments Off on Top security breaches of 2017 (+2018 cyber security predictions)

 

Infographic: Set the course for developers to navigate software security

Synopsys recently conducted a survey of 274 respondents to identify the role that security plays within organizational development teams. Participants represented a variety of job functions, including software developers, software engineers, quality assurance, software security, and audit/compliance team members. Responses are equally represented for companies under 1,000 employees and companies with 1,000+ employees. Here are […]

Continue Reading...

Posted in Application Security, Infographic, Secure Coding Guidelines | Comments Off on Infographic: Set the course for developers to navigate software security

 

8 takeaways from NIST’s application container security guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery has become a hot topic in DevOps. This puts the spotlight on Operations teams […]

Continue Reading...

Posted in Application Security, Containers, DevOps | Comments Off on 8 takeaways from NIST’s application container security guide

 

The 4 most important secure development disciplines

Being the most innovative and successful cloud monitoring company on the market, developing new features to production every day, it’s not only crucial to deliver the best user experience, performance and high reliability, but also guarantee the highest SECURITY for our customers. To not let security measures slow down our agile and innovative value creation […]

Continue Reading...

Posted in Cloud Security, DevOps, Penetration Testing, Static Analysis (SAST) | Comments Off on The 4 most important secure development disciplines

 

Synopsys named a leader in static application security testing

We’re proud to announce that Synopsys has been positioned as a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017. The in-depth report evaluates the 10 most significant vendors in static application security testing (SAST), assessing their strengths and weaknesses across 29 criteria in three categories. Synopsys Static Analysis (Coverity) is the highest-ranked […]

Continue Reading...

Posted in Application Security, Static Analysis (SAST) | Comments Off on Synopsys named a leader in static application security testing

 

Synopsys strengthens Software Integrity Platform with Black Duck acquisition

Today, Synopsys completed the acquisition of Black Duck Software, a well-respected, established leader in Software Composition Analysis (SCA), which helps organizations identify open source components in their software and check those components for known security vulnerabilities. The two companies are strategically aligned, with a shared vision of building security and quality into the software development […]

Continue Reading...

Posted in Application Security, Open Source Security | Comments Off on Synopsys strengthens Software Integrity Platform with Black Duck acquisition