Software Integrity Blog

Author Archive

Steven Zimmerman

Steven Zimmerman is a product marketing manager at Synopsys. He has forged his path in telecommunications and high technology. As a subject matter expert in cloud and managed IT services, he looks to drive evolution and awareness of modern tech solutions for the enterprise and mid-market. In his spare time, Steven is an avid road bicyclist, competes in local volleyball leagues, and fosters his fledgling woodworking skills.


Posts by Steven Zimmerman:

Coding bootcamps need to get real about secure coding practices

Coding bootcamps fill development seats fast—but the trade-off for speed is security. How do you fill the security training gaps in your developers’ education?

Posted in Security Training

Fine-tuning roles, controlling licenses, and matching code snippets in Black Duck 4.5

Any tradesperson, specialist, expert, aficionado, or technologist will tell you that the key to a quality outcome is a set of tools specific to the project and oriented to the goal. The realm of software security and secure DevOps is no exception to this truth, and in Black Duck’s version 4.5 release, we further hone the functions and controls used by development and security teams around the globe to establish the most effective tool for the job: to build secure, high-quality software faster.

Identify open source code fragment reuse (snippet matching)

Let’s start by introducing one of the most-requested enhancements to Black Duck: the ability to find open source code snippets in applications. Snippets are fragments of open source code that compose a larger open source component and that may carry with them license requirements present in their source component.

Posted in Mergers & Acquisitions, Open Source Security, Software Composition Analysis

What it takes to be an Open Source Rookie

The spirit of open source can be summarized as trust in the development community to work together to create, evolve, and maintain software products with such transparency that others can leverage these accomplishments for further innovation. It is this spirit that Black Duck by Synopsys seeks to recognize each year with its Open Source Rookies of the Year report, in which we honor the most innovative and influential open source projects released to the community the previous year. Congratulations to each Open Source Rookie!

Posted in Open Source Security

FinTech compliance is evolving to safeguard your information

The rapid growth of custom and open source applications deployed in businesses worldwide means that all companies have significant software assets. In some industries, agile development and open source software have enabled a technological evolution, to the point of creating new business models. FinTech is one example of an industry established around technologies, delivering automated and self-service financial solutions across platforms.

Posted in Financial Services Security, Open Source Security, Security Standards and Compliance

Understanding the hows and whys of open source audits

If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source. And if you’re on the lookout for your next acquisition, you’ll be evaluating targets replete with open source. Synopsys recently found that proprietary applications we audit are 36% open source on average.

Posted in Mergers & Acquisitions, Open Source Security