Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for Application Security Testing

I’m proud to report that the 2018 Gartner Magic Quadrant for Application Security Testing has positioned Synopsys as a leader for the second consecutive year. This designation clearly illustrates our growing vision and ability to execute on our solutions.

Building a track record of leadership

I’d like to take a moment also to call out the fact that Synopsys has been recognized as a leader by Gartner 2 years in a row and by Forrester and IDC in recent reports. I can see that with this recognition, the Synopsys team is motivated and empowered to continue improving and striving for excellence.

One way we’ve been proactive about enacting positive change is with a recent addition to the Synopsys Software Integrity Group. In December 2017, we welcomed the Black Duck Software team to the Synopsys family. Software development is undergoing sweeping and rapid changes, and one of those changes is the increasing use of open source software (OSS). Software composition analysis (SCA) products like Black Duck Hub enable organizations to identify open source components in their software and check those components for known security vulnerabilities and license compliance.

According to Gartner, “[SCA solutions] ensure that the enterprise software supply chain includes only components that have undergone security testing and, therefore, supports secure application development and assembly. Gartner clients are increasingly seeking these capabilities from AST vendors.”

Consequently, the Black Duck acquisition furthers our vision to offer the most comprehensive software security portfolio on the market.

No resting on our laurels

We fully recognize that leadership is a relentless journey, so Synopsys is focused on continuing to grow and enhance our portfolio. We are also working hard to ensure our products are well-integrated to complement and extend one another so our customers get the full value from our portfolio.

We are consolidating products, aligning corresponding technology stacks, and focusing on usability improvements to ensure customers have a consistent, intuitive experience. These efforts will coalesce into a unified platform with better integration and consolidation of the tools in our portfolio, both acquired and home-grown tools like our interactive application security testing (IAST) offering.

To truly test your software, you need to test the code you write, the code you acquire from open source, and the software in its runtime environment. The Synopsys portfolio features clear leadership in all three of these areas, and we are working hard to build powerful and seamless integrations between these tools to make them easier to use and apply.

The future is DevOps

According to Gartner, “By 2019, more than 50% of enterprise DevOps initiatives will have incorporated application security testing (AST) for custom code, an increase from fewer than 10% today.”

This claim pairs nicely with the strength Gartner calls out in SAST in IDE (SecureAssist). Essentially a spell-checker for security, SecureAssist aligns well with DevOps organizations by providing strong integration with IDEs to find and remediate vulnerabilities early in the development process. This year, we also introduced support for JavaScript analysis with SecureAssist. We are hard at work creating a fully integrated offering that pairs the innovation and “shift left” capabilities found in SecureAssist with the proven, powerful capabilities of Static Analysis (Coverity).

Synopsys also offers agile integration solutions to help your team build security into dynamic release cycles, CI/CD security solutions to inject security measures into your CI/CD pipeline, and SCA to test for vulnerabilities in open source software and third-party code. In the companion research piece to the Magic Quadrant, Critical Capabilities for Application Security Testing, Synopsys received the highest “product or service score for DevOps.”

“With the emergence of DevOps, software development and deployment is an increasingly rapid and iterative process. To effectively mitigate risk without sacrificing speed and productivity, it is more important than ever that organizations build security into their DevOps processes and toolchains.”

—Andreas Kuehlmann,
general manager of the Synopsys Software Integrity Group

We’re ready to meet the challenges your firm is facing and support your team on the journey to more secure, higher-quality software.

For more information, download your copy of the 2018 Gartner Magic Quadrant for Application Security Testing.
