Software Integrity Blog

Author Archive

Patrick Carey


Patrick is Director of Product Marketing for Synopsys Software Integrity Group where he is laser focused on bringing solutions to market that help development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity.


Posts by Patrick Carey:


Forrester recognizes Synopsys as a leader in software composition analysis

Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.”

Posted in Open Source Security, Software Composition Analysis

Did lack of visibility into Apache Struts lead to the Equifax breach?

As most of you are aware, last Friday news broke of a major data breach at Equifax. As one of the major credit reporting agencies, Equifax maintains a vast amount of sensitive personal and financial information for residents of the United States and the United Kingdom, and this breach is reported to have compromised the information for nearly 150 million US and UK citizens.

Posted in Data Breach, Open Source Security

Introducing Black Duck CoPilot

Today we’re happy to announce the release of Black Duck CoPilot by Synopsys (https://copilot.blackducksoftware.com/), a new cloud service that helps open source project teams catalog and report on their project’s dependencies and vulnerabilities. What is CoPilot and what does it do? Black Duck CoPilot is FREE for open source developers who use GitHub.com (the #1 open source repository in the world today) as the repository for their projects. It connects to your GitHub repositories and provides you with security risk information for your open source project’s dependencies (i.e. the open source components used to build your project).

Posted in Agile, CI/CD & DevOps, Cloud Security

Is software composition analysis compatible with Agile DevOps?

Posted in Agile, CI/CD & DevOps, Software Composition Analysis

Do you have the right tools in your application security toolkit?

RSA Conference 2017 is just a few weeks away, and all you need to do to get a sense of the mind-boggling array of security solutions on the market is to take a walk through one of the two massive expo halls. Even if your search is focused on application security solutions, the wide variety of approaches (SAST, DAST, IAST, RASP, penetration testing, fuzzing, etc.) from a myriad of vendors is enough to freeze anybody in their tracks. If you were building an application security toolkit, what tools would you need? Application vulnerabilities are the #1 cyber attack target, but how do you know you are using the right tools to secure them? You can’t afford to put your head in the sand and hope that the network security measures used by your customers or internal operations teams will shelter your applications from attack. The truth of the matter is that hackers have realized that application vulnerabilities are like an unlocked back door, allowing them to gain access to sensitive systems and data simply by exploiting flaws in application design or implementation. In fact, a recent study by SAP noted that applications are the target of over 80% of cyber attacks. Are static or dynamic analysis tools enough? Enter application security tools. These solutions help development teams locate and fix vulnerabilities before applications go into production. Most of these solutions fall into one of two categories:

Posted in Static Analysis (SAST), Web Application Security