Software Integrity Blog

Author Archive

Patrick Carey


Patrick is Director of Product Marketing for Synopsys Software Integrity Group, where he is laser-focused on bringing solutions to market that help development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity.


Posts by Patrick Carey:

 

Do you have the right tools in your application security toolkit?

With so many application security tools, how do you choose the best ones for your environment? Learn how to assemble your application security toolkit.


Posted in Static Analysis (SAST), Web Application Security

Forrester recognizes Synopsys as a leader in software composition analysis

Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.”


Posted in News & Announcements, Open Source Security, Software Composition Analysis (SCA)

Did lack of visibility into Apache Struts lead to the Equifax breach?

What caused the Equifax breach? On the surface, it was the exploit of a known vulnerability. But was the root cause lack of visibility into open source use?


Posted in Data Breach Security, Open Source Security

Introducing Black Duck CoPilot

Today we’re happy to announce the release of Black Duck CoPilot by Synopsys (https://copilot.blackducksoftware.com/), a new cloud service that helps open source project teams catalog and report on their project’s dependencies and vulnerabilities.

What is CoPilot and what does it do?

Black Duck CoPilot is FREE for open source developers who use GitHub.com (the #1 open source repository in the world today) as the repository for their projects. It connects to your GitHub repositories and provides you with security risk information for your open source project’s dependencies (i.e. the open source components used to build your project).


Posted in Agile, CI/CD & DevOps, Cloud Security

Is software composition analysis compatible with Agile DevOps?

Software composition analysis tools help teams identify vulnerabilities and licenses for open source components. So is SCA compatible with agile DevOps?


Posted in Agile, CI/CD & DevOps, Software Composition Analysis (SCA)