Software Integrity Blog

Search Results for 'software security initiative'


Software security initiative capabilities: Getting started

A software security initiative (SSI) often begins with one of three common security capabilities: Penetration testing Code review Some sort of secure design review (e.g., threat modeling) During this year’s OWASP AppSec California, Synopsys’ Jim DelGrosso presented on the benefits and drawbacks of these software security initiative capabilities. Watch as he illustrates how each capability fits into building a […]

Continue Reading...

Posted in General, Software Architecture and Design, Web Application Security


SAST and DAST: Part of a balanced software security initiative

Originally posted on SecurityWeek “…is part of this balanced breakfast…” This is the claim of many sugary cereals aimed directly at children. It is also the claim of many vendors in the software security market. Selling cereal targeting children is an interesting proposition. To make the adults that ultimately have to buy the cereal feel […]

Continue Reading...

Posted in General, Static Analysis (SAST), Web Application Security


3 common mistakes companies make when starting a software security initiative

Organizations typically make three common mistakes when establishing a software security initiative (SSI). The ability to reflect on these mistakes can help firms determine whether or not their program is moving in the right direction. Let’s explore some of the most common software security initiative mistakes and alternate approaches to get firms on the right track. Ad-hoc […]

Continue Reading...

Posted in General


5 essential elements of a successful software security initiative

Every organization that develops or integrates software needs a software security initiative—a blend of people, processes and tools that ensure applications and the data they process are secure. As customers, regulators, executives and boards of directors start asking for evidence of a formal approach to software security, organizations are trying to determine where to start, […]

Continue Reading...

Posted in General, Software Architecture and Design


How proactive is your software security initiative?

The bad news is that software gets hacked. The defects or vulnerabilities that attackers take advantage of to hack software can be made by an organization internally, or by their vendors or partners. The good news is that remediation methods to resolve these defects and vulnerabilities are well known. Organizations with a mature software security […]

Continue Reading...

Posted in General, Maturity Model (BSIMM), Web Application Security


The 3 fundamentals of a software security initiative

You take calculated risks every day. Just this morning, say you decided to walk across the street against the light because no cars were in sight and you had to get to work on time. But had that street been a highway—or if you had been with your child—you quite possibly would have made a […]

Continue Reading...

Posted in General, Security Standards and Compliance


How to scale a software security initiative: Lessons from the BSIMM

The approach needed for scaling a software security initiative (SSI) varies from industry to industry and from business to business, right? That’s one of the questions explored by the Building Security In Maturity Model (BSIMM). But, why now? Computers and software have been around for decades. Why have software security topics, especially that of scalability, […]

Continue Reading...

Posted in General, Maturity Model (BSIMM)


The Synopsys Cybersecurity Research Center (CyRC): Advancing the state of software security

The Synopsys Software Integrity Group is pleased to announce the public launch of CyRC (Cybersecurity Research Center).

Continue Reading...

Posted in General


Application security survey at RSA: The good, the bad, and the ugly

Our RSA 2019 survey on the state of application security collected dozens of responses and highlighted some notable trends. Take a look at what we found out.

Continue Reading...

Posted in Featured, General


Experts talk application security at RSA

We asked a couple of AppSec experts and BSIMM participants about 2019 application security trends, challenges, obstacles, and solutions. Here’s what they said.

Continue Reading...

Posted in Maturity Model (BSIMM)