Software Integrity Blog

Author Archive

Patrick Carey

Patrick is Director of Product Marketing for Synopsys Software Integrity Group where he is laser focused on bringing solutions to market that help development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity.


Posts by Patrick Carey:

 

Maintaining your AppSec program through office closures and economic uncertainty

Here are three ways application security teams can respond to staffing challenges and increased security risks today while strengthening their AppSec program for the future.

Posted in Security Training & Awareness, Software Security Program

 

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.

Posted in News & Announcements, Open Source Security, Software Composition Analysis (SCA)

 

Do you have the right tools in your application security toolkit?

With so many application security tools, how do you choose the best ones for your environment? Learn how to assemble your application security toolkit.

Posted in Static Analysis (SAST), Web Application Security

 

Forrester recognizes Synopsys as a leader in software composition analysis

Black Duck is among platforms that lead the pack, cited for “very strong policy management and SDLC integrations and strong proactive vulnerability management.”

Posted in News & Announcements, Open Source Security, Software Composition Analysis (SCA)

 

Did lack of visibility into Apache Struts lead to the Equifax breach?

What caused the Equifax breach? On the surface, it was the exploit of a known vulnerability. But was the root cause lack of visibility into open source use?

Posted in Data Breach Security, Open Source Security

 

Introducing Black Duck CoPilot

Today we’re happy to announce the release of Black Duck CoPilot by Synopsys (https://copilot.blackducksoftware.com/), a new cloud service that helps open source project teams catalog and report on their project’s dependencies and vulnerabilities. What is CoPilot and what does it do? Black Duck CoPilot is FREE for open source developers who use GitHub.com (the #1 open source repository in the world today) as the repository for their projects. It connects to your GitHub repositories and provides you with security risk information for your open source project’s dependencies (i.e. the open source components used to build your project).

Posted in Agile, CI/CD & DevOps, Cloud Security

 

Is software composition analysis compatible with Agile DevOps?

Software composition analysis tools help teams identify vulnerabilities and licenses for open source components. So is SCA compatible with agile DevOps?

Posted in Agile, CI/CD & DevOps, Software Composition Analysis (SCA)