Software Integrity Blog

Author Archive

Ashutosh Agrawal


Ashutosh Agrawal is an associate managing consultant at Synopsys. Over the last nine years, he has performed and led a wide variety of application security assessments including penetration tests, secure code reviews, and threat modeling projects. He has deployed static analysis tools, developed SSDLC policies and standards, and has delivered several instructor-led training courses. Ashutosh possesses extensive project management experience as a key member of Synopsys' strategic Software Security In-a-Box and BSIMM initiatives. Ashutosh has a Master's in Computer Science from the University of Southern California and is currently based in Washington DC. In his spare time, he loves to teach Hindi to students via Google Hangout.

Posts by Ashutosh Agrawal:


3 common mistakes companies make when starting a software security initiative

Organizations typically make three common mistakes when establishing a software security initiative (SSI). The ability to reflect on these mistakes can help firms determine whether or not their program is moving in the right direction. Let’s explore some of the most common software security initiative mistakes and alternate approaches to get firms on the right track. Ad-hoc program vs. roadmap-based program Until recently, most firms didn’t perceive a SSI as a separate program. The software security functions were either ignored or haphazardly accomplished by leveraging other divisions in the organization such as development, IT operations, and network teams.

Continue Reading...

Posted in Application Security


2015 cyber security breaches that will live in infamy

Join us as we explore three of the biggest data breaches from 2015, why they happened, and what you can do to protect your organization in 2016 and beyond.

Continue Reading...

Posted in Data Breach Security


Understanding Python pickling and how to use it securely

In Python, you can use pickle to serialize (deserialize) an object structure into (from) a byte stream. Here are best practices for secure Python pickling.

Continue Reading...

Posted in Building secure software, Developer Enablement