Software Integrity Blog

Author Archive

Fred Bals

Fred is a senior technical writer at Synopsys. He is a Mini Cooper fanboy and has worked for both Google and Bob Dylan at various points in his career.


Posts by Fred Bals:

Half a billion IoT devices vulnerable, breaches at Homeland Security, FedEx, and the fastest growing cyberthreat

Software Integrity Insight is switching over to a monthly schedule, but we’ll still bring you the best SAST, DAST, and SCA security news as we find it. And don’t despair: You can still get your weekly fix of application security (and insecurity) news by following our colleague Taylor Armerding’s video blog, Security Mashup. With so […]

Posted in Open Source Security

Creating a secure SDLC, solving open source’s biggest problem, government unprepared for cyber attacks

The cyber security and open source security news that made headlines this week! Synopsys: Changing our culture to follow a secure software development life cycle Case Study: Like members of many other development teams, Synopsys’ own engineers initially resisted anything that might slow developer productivity. However, their reluctance to adopt security practices during development was […]

Posted in Open Source Security

Traffic systems at risk of cyber attack, Cortana and Alexa news, PyRoMineIoT cryptojacker

The cyber security and open source security news that made headlines this week: Traffic systems at risk of cyber attack, Cortana and Alexa news, and the PyRoMineIoT cryptojacker.

Posted in Internet of Things, Open Source Security

Big temperature drop in Hades as Microsoft buys GitHub

The big news for open source last week was Microsoft’s announced purchase of GitHub. A major win for open source? The beginning of the end? Read Software Integrity Insight to see both sides of the coin, as well as the rest of the cyber security and open source security news that made headlines this week! […]

Posted in Open Source Security

North Korea hacking, JScript RCE, World Cup a cyberthreat target?

One of the ways hackers could ruin the World Cup 2018 for travelers is by hijacking the self-printed ticket kiosks or connected QR code readers for e-tickets, warns Steve Giguere, lead engineer at cyber security firm Synopsys. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines this week, including […]

Posted in Agile, CI/CD & DevOps, Open Source Security

Open source security risk on the rise owing to unpatched software

A slight change of pace for this week’s issue of Software Integrity Insight, as we focus on the release of the 2018 Open Source Security and Risk Analysis, which analyzes the audit results of over 1,100 commercial codebases from over 500 organizations and examines the open source security and licensing news of 2017. We think […]

Posted in Open Source Security

OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting

Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]

Posted in Agile, CI/CD & DevOps, Container Security, Medical Device Security, Static Analysis (SAST)

NIST report on container security, GitLab Developer Report, VW and Audi remote hacks

Software Integrity Insight is your resource on the cyber security and open source security news that made the headlines! 8 takeaways from NIST’s application container security guide via Synopsys Software Integrity: Chances are, hackers are aware of the growing popularity of containers as well, says technical evangelist Tim Mackey. Which is why we compiled eight takeaways […]

Posted in Automotive Security, Container Security, Open Source Security

RSA news, Israel shifts to open source, latest on TaskRabbit breach

RSA happened last week, and a ton of news—some gloomy, some encouraging—has come from the world’s largest cyber security conference. The Israeli government follows Great Britain, the U.S., and France and moves to open source. TaskRabbit pledges “more security” after a data breach, and nine things you can expect to have an impact on cyber […]

Posted in Agile, CI/CD & DevOps, Data Breach, Events, Open Source Security

Data breaches, SirenJack, and serverless apps vulns

It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and […]

Posted in Container Security, Data Breach, Internet of Things, Open Source Security