A software security initiative (SSI) often begins with one of three common security capabilities: penetration testing, code review, or some sort of secure design review (e.g., threat modeling). During this year’s OWASP AppSec California, Synopsys’ Jim DelGrosso presented on the benefits and drawbacks of these software security initiative capabilities. Watch as he illustrates how each capability fits into building a […]
Originally posted on SecurityWeek “…is part of this balanced breakfast…” This is the claim of many sugary cereals aimed directly at children. It is also the claim of many vendors in the software security market. Selling cereal targeting children is an interesting proposition. To make the adults that ultimately have to buy the cereal feel […]
Organizations typically make three common mistakes when establishing a software security initiative (SSI). The ability to reflect on these mistakes can help firms determine whether or not their program is moving in the right direction. Let’s explore some of the most common software security initiative mistakes and alternate approaches to get firms on the right track. Ad-hoc […]
Every organization that develops or integrates software needs a software security initiative—a blend of people, processes and tools that ensure applications and the data they process are secure. As customers, regulators, executives and boards of directors start asking for evidence of a formal approach to software security, organizations are trying to determine where to start, […]
The bad news is that software gets hacked. The defects or vulnerabilities that attackers take advantage of to hack software can be made by an organization internally, or by their vendors or partners. The good news is that remediation methods to resolve these defects and vulnerabilities are well known. Organizations with a mature software security […]
You take calculated risks every day. Just this morning, say you decided to walk across the street against the light because no cars were in sight and you had to get to work on time. But had that street been a highway—or if you had been with your child—you quite possibly would have made a […]
The approach needed for scaling a software security initiative (SSI) varies from industry to industry and from business to business, right? That’s one of the questions explored by the Building Security In Maturity Model (BSIMM). But, why now? Computers and software have been around for decades. Why have software security topics, especially that of scalability, […]
The Synopsys Software Integrity Group is pleased to announce the public launch of CyRC (Cybersecurity Research Center).
Our RSA 2019 survey on the state of application security collected dozens of responses and highlighted some notable trends. Take a look at what we found out.
We asked a couple of AppSec experts and BSIMM participants about 2019 application security trends, challenges, obstacles, and solutions. Here’s what they said.