Sep 22, 2023/3 min read

From diligence to integration: How software audits inform post-close M&A strategies

By Synopsys Editorial Team

Tags: M&A, Software Integrity, OSS License Compliance

Sep 21, 2023/1 min read

Defensics extends fuzzing capabilities for IoT markets

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Research

Sep 20, 2023/3 min read

Forrester recognizes Synopsys as a Leader in static application security testing

By Corey Hamilton

Tags: Software Integrity, Security News & Research, SAST

Sep 19, 2023/4 min read

Automate security: DevOps integrations for risk detection and remediation

By Charlotte Freeman

Tags: Software Integrity, Build Secure Software, DevSecOps

Sep 18, 2023/5 min read

National Coding Week: Closing the skills gap with secure code training

By Taylor Armerding

Tags: Software Integrity, Build Secure Software, Training, DevSecOps

Sep 08, 2023/2 min read

Black Duck audits reporting update: Streamlined view of risks and remediation steps

By Synopsys Editorial Team

Tags: M&A, Software Integrity, Compliance

Sep 07, 2023/5 min read

How to safeguard your AI ecosystem: The imperative of AI/ML security assessments

By John Waller

Tags: Software Integrity, Build Secure Software, DevSecOps

Sep 05, 2023/2 min read

CyRC Vulnerability Advisory: CVE-2023-2453 Local File Inclusion in Forum Infusion and CVE-2023-4480 Arbitrary File Read in Fusion File Manager

By Matthew Hogg

Tags: Software Integrity, CyRC

Aug 31, 2023/5 min read

What capabilities are critical to the success of your AppSec program?

By Patrick Carey

Tags: Software Integrity, Security News & Research, Build Secure Software, Software Supply Chain, Manage Security Risks

Aug 31, 2023/3 min read

The SANS report: The dynamics of DevSecOps

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, DevSecOps

Aug 25, 2023/4 min read

The parallels of AI and open source in software development

By Phil Odence

Tags: M&A, Software Integrity, Compliance, Manage Security Risks, OSS License Compliance

Aug 24, 2023/7 min read

How to make the future IoT more secure

By Taylor Armerding

Tags: Software Integrity, Build Secure Software, Pen Testing, Training, Internet of Things

Aug 22, 2023/1 min read

Building Security In Podcast: New strategies for managing risk

By Synopsys Editorial Team

Tags: Software Integrity, DevSecOps

Aug 16, 2023/6 min read

Solving cross-platform DevSecOps challenges with Synopsys

By Synopsys Editorial Team

Tags: Software Integrity, DevSecOps

Aug 16, 2023/2 min read

Eliminate false positives with WhiteHat Dynamic

By Charlotte Freeman

Tags: DAST, Software Integrity, Manage Security Risks

Aug 15, 2023/1 min read

CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon

By Synopsys Editorial Team

Tags: Software Integrity, CyRC

Aug 11, 2023/1 min read

The rise of AI in software development

By Phil Odence

Tags: M&A, Software Integrity, Compliance, Manage Security Risks, OSS License Compliance

Aug 10, 2023/5 min read

Introducing Synopsys AI code analysis API

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Manage Security Risks, OSS License Compliance

Aug 08, 2023/2 min read

Synopsys and NowSecure join forces

By Vishrut Iyengar

Tags: Software Integrity, Mobile

Aug 08, 2023/3 min read

Developer-first security to prevent downstream risks

By Steven Zimmerman

Tags: Software Integrity

Aug 01, 2023/3 min read

Simplify AppSec program management with Software Risk Manager

By Natasha Gupta

Tags: Software Integrity, DevSecOps, Orchestration & Correlation

Jul 28, 2023/3 min read

Software due diligence for PE & VC investors

By Zvi Levitas

Tags: M&A, Software Integrity, Compliance, OSS License Compliance

Jul 25, 2023/1 min read

Compliance? WhiteHat™ Dynamic has you covered

By Charlotte Freeman

Tags: DAST, Software Integrity, Manage Security Risks

Jul 24, 2023/3 min read

Avoiding pitfalls when integrating AppSec for DevOps

By Charlotte Freeman

Tags: Software Integrity, DevSecOps

Jul 17, 2023/2 min read

The Polaris platform is redefining secure development

By Charlotte Freeman

Tags: Software Integrity, DevSecOps, Cloud Security, Manage Security Risks

Jul 17, 2023/1 min read

Building Security In Podcast: Machine Learning + AI

By Synopsys Editorial Team

Tags: Software Integrity, DevSecOps

Jul 14, 2023/2 min read

Why nontechnical organizations need due diligence

By Don Mulrenan

Tags: M&A, Software Integrity, Compliance, Manage Security Risks, OSS License Compliance

Jul 11, 2023/3 min read

AppSec integrations enable a more secure SDLC

By Charlotte Freeman

Tags: Software Integrity, DevSecOps

Jul 11, 2023/5 min read

Consolidation: The wave of the (AST) future

By Jim Ivers

Tags: Software Integrity, Program Strategy & Planning, DevSecOps, Manage Security Risks

Jul 07, 2023/2 min read

CyRC Vulnerability of the Month: curl

By Black Duck Security Advisory Team

Tags: Software Integrity, Security News & Research, CyRC

Jul 05, 2023/6 min read

Challenges of interoperability in fuzz testing

By Kari Hulkko

Tags: Software Integrity, Fuzzing

Jun 30, 2023/2 min read

Defending against malicious packages in the npm ecosystem and beyond

By Fred Bals

Tags: SCA, Software Integrity, Manage Security Risks

Jun 27, 2023/8 min read

Creating a well-rounded Microsoft 365 security program

By John Waller

Tags: Software Integrity, Build Secure Software, Cloud Security

Jun 26, 2023/6 min read

2023 OSSRA deep dive: High-risk vulnerabilities

By Fred Bals

Tags: Software Integrity, Manage Security Risks, OSS License Compliance

Jun 26, 2023/1 min read

Podcast: The current state of DevOps

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Program Strategy & Planning, AppSec Best Practices, DevSecOps

Jun 23, 2023/1 min read

FDA: SBOMs requirement for connected medical devices

By Julie Courtnay

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Jun 15, 2023/3 min read

Continuous scanning in your production environment is more important than ever

By Vishrut Iyengar

Tags: DAST, Software Integrity, DevSecOps

Jun 11, 2023/3 min read

Forrester recognizes Synopsys as a Leader in software composition analysis

By Mike McGuire

Tags: SCA, Software Integrity, Security News & Research

Jun 09, 2023/4 min read

Software quality: Diligence prep for sellers

By Chris Boyd

Tags: M&A, Software Integrity, Compliance, Manage Security Risks, OSS License Compliance

Jun 08, 2023/1 min read

AppSec Decoded: Ease of use with Polaris

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, DevSecOps

Jun 05, 2023/4 min read

Enhancing cloud security posture with an effective cloud governance framework

By Synopsys Editorial Team

Tags: Software Integrity, Cloud Security, Manage Security Risks

Jun 02, 2023/3 min read

Fuzz Testing and Medical Devices

By John McShane

Tags: Software Integrity, Fuzzing, Medical Devices

Jun 01, 2023/1 min read

CyRC Vulnerability Advisory: CVE-2023-32353, Apple iTunes local privilege escalation on Windows

By Zeeshan Shaikh

Tags: Software Integrity, Security News & Research, CyRC

May 31, 2023/1 min read

Synopsys named in 2023 Fortress Cyber Security Awards

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

May 26, 2023/2 min read

Connecting the dots: Development + business risk + due diligence

By Phil Odence

Tags: M&A, Software Integrity, Compliance, Manage Security Risks, OSS License Compliance

May 24, 2023/1 min read

AppSec Decoded: Easy to scale with Polaris

By Synopsys Editorial Staff

Tags: Software Integrity, Build Secure Software, DevSecOps

May 22, 2023/3 min read

Synopsys named a Leader in the 2023 Gartner® Magic Quadrant™ for Application Security Testing for the seventh year

By Jason Schmitt

Tags: Software Integrity, Security News & Research, Build Secure Software, Software Supply Chain, Manage Security Risks

May 18, 2023/8 min read

Top open source licenses and legal risk for developers

By Synopsys Editorial Team

Tags: SCA, Software Integrity, OSS License Compliance

May 17, 2023/4 min read

Detection strategies to unmask the source of malicious code

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software

May 17, 2023/2 min read

Eliminate malicious code in your software supply chain

By Synopsys Editorial Team

Tags: Software Integrity, Software Supply Chain

May 12, 2023/2 min read

The importance of software due diligence for private equity firms

By Umer Palla

Tags: M&A, Software Integrity, OSS License Compliance

May 10, 2023/4 min read

2023 OSSRA deep dive: jQuery and open source security

By Fred Bals

Tags: SCA, Software Integrity, Software Supply Chain, OSS License Compliance

May 08, 2023/6 min read

A deep-dive on Pluck CMS vulnerability CVE-2023-25828

By Matthew Hogg

Tags: Software Integrity, Security News & Research, CyRC

May 08, 2023/1 min read

CRN’s 2023 Women of the Channel Awards list

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

May 02, 2023/2 min read

CyRC Vulnerability Advisory: CVE-2023-25826 and CVE-2023-25827 in OpenTSDB

By Jamie Harris

Tags: Software Integrity, Security News & Research, CyRC

Apr 28, 2023/4 min read

Fuzz testing for connected and autonomous vehicles

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Fuzzing, Manage Security Risks, Automotive

Apr 28, 2023/3 min read

Software due diligence in M&A: Key considerations and risks

By Kevin Collins

Tags: M&A, Software Integrity, OSS License Compliance

Apr 26, 2023/1 min read

AppSec Decoded: Evaluating threats with threat modeling risk analysis

By Synopsys Editorial Team

Tags: Software Integrity, Threat Modeling, Manage Security Risks

Apr 26, 2023/6 min read

Cloud detection and response, a key asset for cloud security

By John Waller

Tags: Software Integrity, Cloud Security, Manage Security Risks

Apr 26, 2023/3 min read

Fast application security testing with the Polaris platform

By Charlotte Freeman

Tags: Agile, CI/CD, Software Integrity, DevSecOps, Manage Security Risks

Apr 26, 2023/3 min read

We’re one step closer to knowing how to comply with EO 14028

By Tim Mackey

Tags: Software Integrity, Security News & Research, Software Supply Chain, AppSec Best Practices, DevSecOps

Apr 24, 2023/6 min read

Improving software supply chain security for cloud applications and workloads

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Software Supply Chain, Cloud Security

Apr 21, 2023/5 min read

Friend or foe: AI chatbots in software development

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Program Strategy & Planning

Apr 21, 2023/1 min read

AppSec Decoded: Creating an attack model in threat modeling

By Synopsys Editorial Team

Tags: Software Integrity, Threat Modeling, Manage Security Risks

Apr 19, 2023/3 min read

Polaris integrations: Secure development at the speed of business

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, DevSecOps, Manage Security Risks

Apr 14, 2023/2 min read

Black Duck SCA vs. Black Duck Audit Services

By Steven Power

Tags: M&A, Software Integrity, OSS License Compliance

Apr 13, 2023/1 min read

AppSec Decoded: Creating a system model in threat modeling

By Synopsys Editorial Team

Tags: Software Integrity, Threat Modeling, Manage Security Risks

Apr 13, 2023/5 min read

Improving cloud security posture with infrastructure-as-code

By Monika Chakraborty

Tags: Software Integrity, Build Secure Software, IAST, Cloud Security

Apr 12, 2023/5 min read

What pen testing can tell you about the health of your SDLC

By Charlotte Freeman

Tags: Software Integrity, Build Secure Software, Pen Testing

Apr 10, 2023/2 min read

Container security essentials

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Cloud Security, Container Security

Apr 05, 2023/4 min read

Why cross-site scripting still matters

By Charlotte Freeman

Tags: Software Integrity, Program Strategy & Planning, Build Secure Software, AppSec Best Practices, Web AppSec, Manage Security Risks

Apr 04, 2023/1 min read

AppSec Decoded: Scoping + data gathering in threat modeling

By Synopsys Editorial Team

Tags: Software Integrity, Threat Modeling, Manage Security Risks

Apr 04, 2023/4 min read

Polaris: Your no-compromise SaaS AST solution

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, DevSecOps, Manage Security Risks

Apr 02, 2023/1 min read

OWASP Top 10: Security misconfiguration

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Security News & Research, CyRC

Mar 26, 2023/2 min read

Synopsys Global Partner Program Receives CRN® 5-Star Rating for Second Consecutive Year

By Fred Bals

Tags: Software Integrity, Security News & Research

Mar 23, 2023/5 min read

Assessing design quality for better software due diligence

By Ashwin Ala

Tags: M&A, Software Integrity, Manage Security Risks

Mar 23, 2023/1 min read

CyRC Vulnerability Advisory: CVE-2023-25828 Authenticated Remote Code Execution in Pluck CMS

By Matthew Hogg

Tags: Software Integrity, Security News & Research, CyRC

Mar 23, 2023/5 min read

Production-safe DAST: Your secret weapon against threat actors

By Vishrut Iyengar

Tags: DAST, Software Integrity, Build Secure Software

Mar 19, 2023/6 min read

Automate your DevSecOps to take the pressure off triage

By Steven Zimmerman

Tags: Software Integrity, Build Secure Software, DevSecOps

Mar 16, 2023/1 min read

AppSec Decoded: Continuous AppSec testing in DevSecOps with Seeker IAST

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, IAST, DevSecOps

Mar 15, 2023/1 min read

OWASP Top 10: Insecure design

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Security News & Research

Mar 12, 2023/5 min read

DevSecOps uses policy to take the pressure off testing

By Charlotte Freeman

Tags: Software Integrity, Security News & Research, DevSecOps, Orchestration & Correlation

Mar 10, 2023/3 min read

Static analysis + penetration testing = More than the sum of their parts

By Phil Odence

Tags: M&A, Software Integrity, Security News & Research

Mar 07, 2023/2 min read

Secure software development for modern vehicles

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Security News & Research, Compliance, Automotive

Mar 02, 2023/1 min read

AppSec Decoded: Managing your open source risks

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Security News & Research, Software Supply Chain

Mar 02, 2023/1 min read

OWASP Top 10: Injection

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Security News & Research, CyRC

Feb 27, 2023/1 min read

AppSec Decoded: Takeaways from the 2022 “Software Vulnerability Snapshot” report

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Security News & Research, Pen Testing, Manage Security Risks

Feb 27, 2023/5 min read

Instantly scalable dynamic application security testing

By Vishrut Iyengar

Tags: DAST, Software Integrity, Manage Security Risks

Feb 27, 2023/4 min read

Take the pressure off coding for your developers

By Steven Zimmerman

Tags: Software Integrity, Security News & Research, DevSecOps

Feb 24, 2023/1 min read

The M&A Open Source Risk Number

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Feb 22, 2023/1 min read

AppSec Decoded: Open source trends uncovered in the 2023 OSSRA report

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Software Supply Chain

Feb 21, 2023/4 min read

2023 OSSRA: A deep dive into open source trends

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Software Supply Chain

Feb 14, 2023/4 min read

The step-by-step guide to threat modeling

By Charlotte Freeman

Tags: Software Integrity, Threat Modeling, Manage Security Risks

Feb 13, 2023/1 min read

OWASP Top 10: Cryptographic failures

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Build Secure Software, CyRC, Web AppSec

Feb 09, 2023/3 min read

Navigating software due diligence with a Black Duck Audit

By Steven Power

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Feb 08, 2023/3 min read

Spotlight on CRED: Benchmarking security with a BSIMM assessment

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks

Feb 06, 2023/1 min read

Tom Herrmann of the Synopsys Software Integrity Group recognized as 2023 CRN Channel Chief

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Feb 06, 2023/11 min read

CyRC special report: Secure apps? Don’t bet on it

By Jonathan Knudsen

Tags: SCA, Software Integrity, Security News & Research, Mobile, CyRC

Feb 02, 2023/4 min read

CyRC Special Report: How companies fared in the aftermath of Log4Shell

By Jonathan Knudsen

Tags: SCA, Software Integrity, CyRC

Jan 30, 2023/1 min read

CyRC Vulnerability Advisory: CVE-2023-23846 Denial-of-Service Vulnerability in Open5GS GTP Library

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Research, CyRC

Jan 29, 2023/4 min read

Open source software: A pillar of modern software development

By Mike McGuire

Tags: SCA, Software Integrity, Software Supply Chain

Jan 26, 2023/5 min read

Black Duck’s New Year’s Resolution

By Mike McGuire

Tags: SCA, Software Integrity, Software Supply Chain

Jan 25, 2023/1 min read

Software risks and technical debt: The role of process in determining good software

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Jan 22, 2023/6 min read

2023 cybersecurity predictions that should be on your radar

By Taylor Armerding

Tags: Software Integrity, Security News & Research

Jan 20, 2023/3 min read

Prioritizing open source vulnerabilities in software due diligence

By Mike McGuire

Tags: M&A, Software Integrity, OSS License Compliance

Jan 19, 2023/1 min read

OWASP Top 10: Broken access control

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Build Secure Software, CyRC

Jan 17, 2023/8 min read

Finding hard-coded secrets before you suffer a breach

By Ksenia Peguero

Tags: SCA, Software Integrity, Build Secure Software, IAST, SAST

Jan 10, 2023/1 min read

AppSec Decoded: The research behind the 2022 “Software Vulnerability Snapshot”

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Security News & Research, Pen Testing

Jan 05, 2023/8 min read

How to choose React Native libraries for secure mobile application development

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Mobile, SAST

Jan 02, 2023/1 min read

Cybersecurity Research Center Developer Series: The OWASP Top 10

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Build Secure Software, CyRC, Training

Dec 21, 2022/8 min read

The top cyber security stories of 2022

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Internet of Things

Dec 14, 2022/4 min read

Automating web security testing within your DevOps pipelines

By Charlotte Freeman

Tags: Software Integrity, Build Secure Software, IAST, DevSecOps

Dec 09, 2022/3 min read

SBOM: What’s in your software ingredients list?

By Synopsys Editorial Team

Tags: M&A, Software Integrity, Software Supply Chain, OSS License Compliance

Dec 06, 2022/5 min read

What is the cost of poor software quality in the U.S.?

By Mike McGuire

Tags: SCA, Software Integrity, Security News & Research, Build Secure Software

Nov 29, 2022/2 min read

CyRC Vulnerability Advisory: Remote code execution vulnerabilities in mouse and keyboard apps

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, CyRC

Nov 28, 2022/1 min read

AppSec Decoded: Get actionable solutions with DAST

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Manage Security Risks

Nov 24, 2022/5 min read

Custom and variant licenses: What’s in the fine print?

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Nov 22, 2022/5 min read

Beyond NVD data: Using Black Duck Security Advisories for version accuracy

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, CyRC

Nov 14, 2022/3 min read

The “Software Vulnerability Snapshot” reports that 95% of tests uncovered vulnerabilities in target apps

By Fred Bals

Tags: DAST, Software Integrity, Security News & Research, Pen Testing, Web AppSec

Nov 11, 2022/3 min read

The top three differences between an open source audit and an open source scan

By Umer Palla

Tags: M&A, Software Integrity, OSS License Compliance

Nov 09, 2022/11 min read

JavaScript security best practices for securing your applications

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Training

Nov 08, 2022/5 min read

Scalable SAST and SCA in a single solution with Polaris fAST services

By Patrick Carey

Tags: SCA, Software Integrity, Build Secure Software, DevSecOps, SAST, Manage Security Risks

Nov 04, 2022/3 min read

Defensics adds gRPC support for distributed web and mobile application security testing

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Build Secure Software, Mobile, Web AppSec

Nov 02, 2022/1 min read

CyRC Vulnerability Advisory: CVE-2022-43945 buffer overflow vulnerabilities in NFSD

By Kari Hulkko

Tags: Software Integrity, Security News & Research, CyRC

Oct 31, 2022/4 min read

Synopsys Action introduces GitHub Actions integration for developers

By Steven Zimmerman

Tags: Software Integrity, Build Secure Software, DevSecOps

Oct 28, 2022/4 min read

Avoid anaphylactic shock by auditing dependencies in software due diligence

By Synopsys Editorial Team

Tags: M&A, Software Integrity, OSS License Compliance

Oct 27, 2022/2 min read

Experts warn of critical security vulnerability discovered in OpenSSL

By Tim Mackey

Tags: SCA, Software Integrity, Security News & Research

Oct 25, 2022/6 min read

New government directives and persistent threats reinforce urgency of securing software

By Synopsys Editorial Team

Tags: Software Integrity, Compliance, Public Sector

Oct 16, 2022/2 min read

Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST

Oct 13, 2022/3 min read

I have my Black Duck Audit reports; What’s next?

By Synopsys Editorial Team

Tags: M&A, Software Integrity, OSS License Compliance

Oct 12, 2022/5 min read

Open source dependency best practices for developers

By Charlotte Freeman

Tags: SCA, Software Integrity, Software Supply Chain, AppSec Best Practices

Oct 11, 2022/1 min read

CyRC Vulnerability Advisory: CVE-2022-39064 IKEA TRÅDFRI smart lighting

By Tuomo Untinen, Kari Hulkko

Tags: Software Integrity, Fuzzing, Security News & Research, CyRC, Internet of Things

Oct 10, 2022/1 min read

CyRC Vulnerability Advisory: CVE-2022-39065 IKEA TRÅDFRI smart lighting gateway

By Tuomo Untinen, Kari Hulkko

Tags: Software Integrity, Fuzzing, Security News & Research, CyRC, Internet of Things

Oct 04, 2022/4 min read

IDE-based application security for developers in IntelliJ

By Steven Zimmerman

Tags: SCA, Software Integrity, Build Secure Software, DevSecOps, SAST

Sep 27, 2022/5 min read

Secure cloud-native apps and APIs at the speed your business demands

By Kimm Yeo

Tags: Software Integrity, Build Secure Software, IAST, Cloud Security, Manage Security Risks

Sep 23, 2022/3 min read

Commercial software licenses in software due diligence

By Synopsys Editorial Team

Tags: M&A, Software Integrity, OSS License Compliance

Sep 21, 2022/7 min read

BSIMM13: Trends and recommendations to help improve your software security program

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Sep 13, 2022/2 min read

CyRC Vulnerability Advisory: Denial-of-service vulnerabilities (CVE-2022-39063) in Open5GS

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Research, CyRC

Sep 08, 2022/8 min read

Smart home under fuzzing

By Kari Hulkko

Tags: Software Integrity, Fuzzing, Manage Security Risks, Internet of Things

Sep 08, 2022/4 min read

Understanding the hows and whys of open source audits

By Steven Zimmerman

Tags: M&A, Software Integrity, OSS License Compliance

Aug 30, 2022/1 min read

AppSec Decoded: Addressing NIST guidelines begins with understanding your risk profile

By Synopsys Editorial Team

Tags: Software Integrity, Public Sector

Aug 30, 2022/4 min read

Establishing trust in your software supply chain with an SBOM

By Mike McGuire

Tags: SCA, Software Integrity, Software Supply Chain

Aug 28, 2022/4 min read

Synopsys and the new Automated Source Code Data Protection Measure have you covered

By Charlotte Freeman

Tags: Software Integrity, Security News & Research, Compliance

Aug 26, 2022/4 min read

What I wish I knew about security when I started programming

By Allon Mureinik

Tags: Software Integrity, Build Secure Software, Training

Aug 24, 2022/7 min read

API authentication and authorization best practices

By Charlotte Freeman

Tags: Software Integrity, Build Secure Software, Software Supply Chain, AppSec Best Practices, Manage Security Risks

Aug 23, 2022/1 min read

AppSec Decoded: The NIST guidance on supply chain risk management

By Synopsys Editorial Team

Tags: Software Integrity, Software Supply Chain, Public Sector

Aug 18, 2022/3 min read

The four most important aspects of software due diligence audits

By Phil Odence

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Aug 17, 2022/11 min read

CyRC Case Study: Exploitable memory corruption using CVE-2020-25669 and Linux Kernel

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Security News & Research, CyRC

Aug 11, 2022/1 min read

AppSec Decoded: An introduction to the Synopsys Cybersecurity Research Center

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, CyRC

Aug 09, 2022/5 min read

Synopsys and ESG report points to prevalence of software supply chain risks

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Security News & Research, Software Supply Chain, Cloud Security

Aug 08, 2022/4 min read

Secure SDLC 101

By Charlotte Freeman

Tags: Agile, CI/CD, Software Integrity, Program Strategy & Planning, Manage Security Risks

Aug 03, 2022/4 min read

Building a software Bill of Materials with Black Duck

By Mike McGuire

Tags: SCA, Software Integrity, Software Supply Chain, Compliance

Aug 03, 2022/1 min read

CyRC Vulnerability Advisory: Local privilege escalation in Kaspersky VPN

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, CyRC

Aug 01, 2022/6 min read

CyRC Vulnerability Analysis: Repo jacking in the software supply chain

By Synopsys Editorial Team

Tags: Software Integrity, CyRC

Jul 29, 2022/2 min read

Introducing IaC Security from Black Duck

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Build Secure Software

Jul 27, 2022/4 min read

Five types of software licenses you need to understand

By Phil Odence

Tags: Software Integrity, OSS License Compliance

Jul 24, 2022/7 min read

Bridging the security gap in continuous testing and the CI/CD pipeline

By Kimm Yeo

Tags: Software Integrity, IAST, DevSecOps, Manage Security Risks, Orchestration & Correlation

Jul 20, 2022/4 min read

Interview-based due diligence or software audits?

By Synopsys Editorial Team

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Jul 19, 2022/1 min read

Appsec Decoded: Application security orchestration and correlation

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, DevSecOps, Manage Security Risks, Orchestration & Correlation

Jul 14, 2022/1 min read

AppSec Decoded: Get the most out of your open source software

By Synopsys Editorial Team

Tags: M&A, Software Integrity, Software Supply Chain

Jul 10, 2022/4 min read

Build a holistic AppSec program

By Boris Cipot

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Jul 05, 2022/5 min read

OWASP API Security Top 10: Security risks that should be on your radar

By Charlotte Freeman

Tags: Software Integrity, Build Secure Software, Manage Security Risks

Jun 30, 2022/2 min read

CyRC Vulnerability of the Month: Spring Framework

By Black Duck Security Advisory Team

Tags: Software Integrity, Security News & Research, CyRC

Jun 27, 2022/6 min read

Celebrating one year of Rapid Scan Static

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST, Web AppSec, Manage Security Risks

Jun 22, 2022/2 min read

M&A, trust in software, and a good night’s sleep

By Phil Odence

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Jun 22, 2022/3 min read

WhiteHat brings new dimension to DAST capabilities at Synopsys

By Jason Schmitt

Tags: DAST, Software Integrity, Security News & Research

Jun 15, 2022/3 min read

Enterprise applications run your business, so how can you secure them?

By Mike McGuire

Tags: SCA, Software Integrity, SAST, Manage Security Risks

Jun 14, 2022/6 min read

Why supply chain risk management is a top priority

By Taylor Armerding

Tags: Software Integrity, Software Supply Chain, Public Sector

Jun 10, 2022/1 min read

AppSec Decoded: Security at the speed of DevOps

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Manage Security Risks, Orchestration & Correlation

Jun 02, 2022/3 min read

Celebrating Pride 2022: Out in open source

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

May 24, 2022/8 min read

CyRC Case Study: Securing BIND 9

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Secure Software, CyRC, SAST

May 23, 2022/1 min read

AppSec Decoded: Managing software supply chain risks

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Software Supply Chain

May 19, 2022/2 min read

CyRC Vulnerability Advisory: Sensitive data exposure in JSON enables account compromise in Strapi

By David Johansson

Tags: Software Integrity, Security News & Research, CyRC

May 18, 2022/5 min read

Tech tales: Achieving PCI compliance with application security testing

By Chai Bhat

Tags: Software Integrity, Financial Services, Compliance, Pen Testing, Manage Security Risks

May 17, 2022/2 min read

Building security into existing source code management workflows

By James Rabon

Tags: Software Integrity, Build Secure Software, DevSecOps, Orchestration & Correlation

May 12, 2022/3 min read

Two-factor authentication misconfiguration bypass

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Web AppSec, Internet of Things

May 10, 2022/3 min read

Black Duck Open Source Audits: Working through licensing issues like a pro

By Phil Odence

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

May 08, 2022/1 min read

Product Security Advisory: Reflected cross-site scripting in Black Duck Hub

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Apr 27, 2022/1 min read

Synopsys to expand portfolio, SaaS offerings with WhiteHat Security acquisition

By Jason Schmitt

Tags: DAST, Software Integrity, Security News & Research

Apr 19, 2022/1 min read

CyRC Vulnerability Analysis: CVE-2022-1271 in gzip, but it’s not as bad as it sounds

By Jonathan Knudsen

Tags: SCA, Software Integrity, Security News & Research, CyRC

Apr 11, 2022/1 min read

CyRC Vulnerability Advisory: Stored XSS in Directus

By David Johansson

Tags: Software Integrity, Security News & Research, CyRC

Apr 06, 2022/4 min read

What is the maturity level of your AppSec program?

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks

Apr 05, 2022/1 min read

AppSec Decoded: Is an SBOM a silver bullet for software supply chain security?

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Software Supply Chain, Compliance

Mar 31, 2022/4 min read

BYOD in the workforce: MDM and MAM with Microsoft Intune

By Synopsys Editorial Team

Tags: Software Integrity, Mobile, Manage Security Risks, Internet of Things

Mar 29, 2022/1 min read

CyRC Vulnerability Analysis: Two distinct Spring vulnerabilities discovered – Spring4Shell and CVE-2022-22963

By Jonathan Knudsen

Tags: SCA, Software Integrity, Security News & Research, CyRC

Mar 20, 2022/3 min read

How to cybersecurity: Software supply chain security is much bigger than you think

By Jonathan Knudsen

Tags: SCA, Software Integrity, Software Supply Chain

Mar 15, 2022/4 min read

What is a software bill of materials?

By Fred Bals

Tags: SCA, Software Integrity, Software Supply Chain

Mar 14, 2022/7 min read

NIST provides recommended criteria for cybersecurity labeling for consumer software and IoT products

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, Internet of Things

Mar 10, 2022/5 min read

Synopsys contributes to the Linux Foundation Census II of the most widely used open source application libraries

By Synopsys Editorial Team

Tags: SCA, Software Integrity

Mar 07, 2022/1 min read

#BreakTheBias: A conversation about tackling gender equality in the workforce

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Feb 20, 2022/10 min read

Navigating the road ahead for automotive cybersecurity

By Synopsys Editorial Team

Tags: Software Integrity, Pen Testing, Threat Modeling, Manage Security Risks, Automotive

Feb 15, 2022/3 min read

Black History Month: Uplifting voices at Synopsys

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Feb 14, 2022/3 min read

What the cybersecurity executive order means for the private sector

By Mike McGuire

Tags: Software Integrity, Compliance, Public Sector

Feb 10, 2022/4 min read

How to cybersecurity: Gravity is a harsh mistress

By Jonathan Knudsen

Tags: Software Integrity, Build Secure Software, DevSecOps, Manage Security Risks

Feb 09, 2022/4 min read

Code Sight Standard Edition: Application security optimized for the needs of developers

By Raj Kesarapalli

Tags: SCA, Software Integrity, Security News & Research, Build Secure Software, DevSecOps, SAST

Feb 01, 2022/1 min read

AppSec Decoded: Building security into DevSecOps

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, DevSecOps

Jan 26, 2022/2 min read

CyRC Vulnerability Analysis: Local privilege escalation vulnerability discovered

By Synopsys Cybersecurity Research Center

Tags: SCA, Software Integrity, CyRC

Jan 23, 2022/3 min read

Scale and mature your AppSec program with a managed services partner

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Jan 19, 2022/3 min read

Bob Saget and open source license compliance

By Phil Odence

Tags: SCA, M&A, Software Integrity, Security News & Research, Software Supply Chain, OSS License Compliance

Jan 18, 2022/6 min read

Five Cryptography best practices for developers

By Charlotte Freeman

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Training

Jan 02, 2022/2 min read

Software due diligence: The home inspection of tech M&A

By Phil Odence

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Dec 20, 2021/1 min read

AppSec Decoded: A proactive approach to building trust in your software supply chain

By Synopsys Editorial Team

Tags: Software Integrity, Software Supply Chain, Compliance, Public Sector

Dec 15, 2021/8 min read

Detecting Log4j (Log4Shell): Mitigating the impact on your organization

By Michael White

Tags: SCA, Software Integrity, Compliance, SAST

Dec 14, 2021/5 min read

How to cyber security: Software supply chain risk management

By Jonathan Knudsen

Tags: SCA, Software Integrity, Software Supply Chain, SAST

Dec 10, 2021/5 min read

CyRC Vulnerability Analysis: Remote code execution zero-day exploit in Java logging library (log4j2)

By Synopsys Editorial Team

Tags: SCA, Software Integrity, CyRC

Dec 08, 2021/5 min read

Safety Detectives interview with Tim Mackey

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Build Secure Software, Software Supply Chain, Manage Security Risks

Dec 07, 2021/2 min read

CyRC Vulnerability Advisory: Multiple vulnerabilities discovered in GOautodial

By Scott Tolley

Tags: Software Integrity, Security News & Research, IAST, CyRC

Nov 29, 2021/7 min read

Six Python security best practices for developers

By Boris Cipot

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Training

Nov 21, 2021/6 min read

Effective software security activities for managing supply chain risks

By Chai Bhat

Tags: Software Integrity, Program Strategy & Planning, Software Supply Chain, Cloud Security, Container Security

Nov 16, 2021/2 min read

Don’t let Trojan Source sneak into your code

By Synopsys Editorial Team

Tags: Software Integrity, SAST

Nov 09, 2021/3 min read

A stitch in BIND saves nine

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Security News & Research, CyRC

Nov 01, 2021/3 min read

Top seven logging and monitoring best practices

By Ashutosh Rana

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Training

Oct 28, 2021/1 min read

AppSec Decoded: Why Biden’s executive order should be on your radar

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Public Sector

Oct 25, 2021/8 min read

How to cybersecurity: Heartbleed deep dive

By Jonathan Knudsen

Tags: Software Integrity, Compliance

Oct 17, 2021/7 min read

Top 10 Spring Security best practices for Java developers

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Web AppSec

Oct 12, 2021/2 min read

CyRC Vulnerability Advisory: SQL injection, path traversal leading to arbitrary file deletion and XSS in Nagios XI

By Scott Tolley

Tags: Software Integrity, Security News & Research, IAST, CyRC

Oct 07, 2021/5 min read

BSIMM: Top five software security activities that create a better software security initiative

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Sep 30, 2021/2 min read

Fostering DevSecOps: Tool orchestration enables AppSec to keep pace with DevOps | Synopsys

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Orchestration & Correlation

Sep 27, 2021/1 min read

AppSec Decoded: Cyber security measures for technology buyers and suppliers

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Software Supply Chain, Public Sector

Sep 21, 2021/2 min read

Integrating static analysis tools with build servers for continuous assurance | Synopsys

By Synopsys Editorial Team

Tags: Software Integrity, Manage Security Risks, Orchestration & Correlation

Sep 14, 2021/1 min read

A new approach to AppSec

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Manage Security Risks, Orchestration & Correlation

Sep 10, 2021/4 min read

Strengthen your cloud security posture with Azure Sentinel

By Synopsys Editorial Team

Tags: Software Integrity, Cloud Security, Manage Security Risks

Sep 09, 2021/5 min read

ASOC series part 2: How to scale AppSec with application security automation

By Synopsys Editorial Team

Tags: Software Integrity, DevSecOps, Manage Security Risks, Orchestration & Correlation

Sep 02, 2021/7 min read

ASOC series part 1: How application security orchestration and correlation can improve DevSecOps efficiency

By Synopsys Editorial Team

Tags: Software Integrity, DevSecOps, Manage Security Risks, Orchestration & Correlation

Sep 01, 2021/6 min read

New banking paradigm requires better security paradigm

By Taylor Armerding

Tags: Software Integrity, Financial Services, Manage Security Risks

Aug 26, 2021/4 min read

Managing license compliance with Black Duck SCA

By Mike McGuire

Tags: Software Integrity, Manage Security Risks

Aug 19, 2021/6 min read

Reflections on trusting plugins: Backdooring Jenkins builds

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software

Aug 09, 2021/5 min read

Keep infrastructure as code secure with Synopsys

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST

Aug 09, 2021/2 min read

Why penetration testing needs to be part of your IoT security

By Debrup Ghosh

Tags: Software Integrity, Build Secure Software, Pen Testing

Aug 04, 2021/5 min read

How to run your CodeXM checker

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Training, SAST

Jul 29, 2021/1 min read

AppSec Decoded: New executive order changes dynamic of software security standards

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Build Secure Software, Software Supply Chain, Compliance, Manage Security Risks, Public Sector

Jul 27, 2021/2 min read

Build developer trust with faster, accurate AppSec testing from Rapid Scan

By Scott Johnson

Tags: SCA, Agile, CI/CD, Software Integrity, Build Secure Software, SAST

Jul 21, 2021/2 min read

Shift even further left with blazing-fast Rapid Scan SAST

By Anna Chiang

Tags: Software Integrity, Build Secure Software, SAST

Jul 19, 2021/4 min read

Practical solutions for a secure automotive software development process following ISO/SAE 21434

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Build Secure Software, Compliance, Automotive

Jul 11, 2021/6 min read

Reduce open source software risks in your supply chain

By Synopsys Editorial Team

Tags: Software Integrity, Software Supply Chain

Jul 08, 2021/3 min read

Getting started with writing checkers using CodeXM

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST

Jun 30, 2021/2 min read

Optimizing software composition analysis for developer workflows with Black Duck Rapid Scan

By Mike McGuire

Tags: SCA, Software Integrity, Build Secure Software

Jun 28, 2021/3 min read

How to cyber security: Embedding security into every phase of the SDLC

By Jonathan Knudsen

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Jun 25, 2021/4 min read

How an open source software audit works

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Jun 21, 2021/8 min read

CyRC Vulnerability Advisory: Denial-of-service vulnerabilities in Zephyr Bluetooth LE stack

By Matias Karhumaa

Tags: Software Integrity, Fuzzing, Security News & Research, CyRC

Jun 17, 2021/1 min read

Reduce open source risk in M&A with software due diligence

By Synopsys Editorial Team

Tags: SCA, M&A, Software Integrity, OSS License Compliance

Jun 15, 2021/5 min read

Ransomware prevention begins with securing your applications

By Taylor Armerding

Tags: Software Integrity, Public Sector

Jun 14, 2021/4 min read

Data privacy laws drive urgency to create a data security strategy

By Anna Chiang

Tags: Software Integrity, Compliance, Manage Security Risks

Jun 10, 2021/6 min read

How to achieve MISRA and AUTOSAR coding compliance

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Build Secure Software, Compliance, Automotive

Jun 07, 2021/1 min read

CyRC Vulnerability Advisory: Denial of service vulnerabilities in RabbitMQ, EMQ X, and VerneMQ

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Security News & Research, Compliance, CyRC

Jun 06, 2021/3 min read

Code Dx brings game-changing capabilities to Synopsys

By Jim Ivers

Tags: Software Integrity, Security News & Research, Orchestration & Correlation

Jun 06, 2021/3 min read

Web application security testing at scale with Coverity SAST

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST, Web AppSec, Manage Security Risks

Jun 01, 2021/3 min read

Addressing 5G security with threat modeling

By Chai Bhat

Tags: Software Integrity, Threat Modeling, Manage Security Risks, Internet of Things

May 25, 2021/4 min read

A CISO’s guide to sensitive data protection

By Anna Chiang

Tags: Software Integrity, Compliance, Manage Security Risks

May 24, 2021/2 min read

How to protect your Wi-Fi devices from new FragAttacks vulnerabilities

By Tuomo Untinen

Tags: Software Integrity, Fuzzing, Manage Security Risks

May 12, 2021/4 min read

Cybersecurity Executive Order requires new software security standards

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Compliance, Public Sector

May 10, 2021/5 min read

Open source license compliance and dependencies: Peeling back the licensing layers

By Matt Jacobs

Tags: M&A, Software Integrity, OSS License Compliance

May 06, 2021/8 min read

Top 10 DevSecOps best practices for building secure software

By Sneha Kokil

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, AppSec Best Practices, DevSecOps

May 03, 2021/6 min read

Biden on cyber security after 100 days: A good start, but now comes the hard part

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Manage Security Risks, Public Sector

Apr 23, 2021/4 min read

How to cyber security: 5G is not magic

By Jonathan Knudsen

Tags: Software Integrity, Build Secure Software, Internet of Things

Apr 15, 2021/3 min read

Securing the IoT tsunami

By Chai Bhat

Tags: Software Integrity, Manage Security Risks, Internet of Things

Apr 14, 2021/3 min read

The 411 on Stack Overflow and open source license compliance

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Apr 09, 2021/3 min read

Penetration testing: A yearly physical for your applications

By Debrup Ghosh

Tags: Software Integrity, Build Secure Software, Pen Testing, Web AppSec

Apr 08, 2021/12 min read

Integrating fuzzing into DevSecOps

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Build Secure Software, DevSecOps

Apr 06, 2021/4 min read

Don’t be the weak link in your customers’ supply chain security

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Software Supply Chain, Public Sector

Mar 29, 2021/2 min read

Synopsys CyRC named a CVE Numbering Authority

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Program Strategy & Planning, Compliance, CyRC

Mar 24, 2021/3 min read

Hacking medical devices: Five ways to inoculate yourself from attacks

By Chandu Ketkar

Tags: Software Integrity, Security News & Research, Medical Devices

Mar 21, 2021/5 min read

Closing the gender gap in today’s tech industry

By Sneha Kokil

Tags: Software Integrity, Security News & Research

Mar 17, 2021/11 min read

WLAN under fuzzing with Defensics

By Tuomo Untinen, Kari Hulkko

Tags: Software Integrity, Fuzzing, Build Secure Software

Mar 15, 2021/4 min read

Why should DevOps teams choose IAST?

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, IAST

Mar 11, 2021/6 min read

Don’t let supply chain security risks poison your organization

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Software Supply Chain, Public Sector

Mar 10, 2021/4 min read

Get earlier, actionable vulnerability insights from Black Duck Security Advisories

By Mike McGuire

Tags: SCA, Software Integrity, Software Supply Chain, Manage Security Risks

Mar 01, 2021/2 min read

CyRC Vulnerability Advisory: Denial of service vulnerability in Jetty web server

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Security News & Research, Program Strategy & Planning, CyRC

Feb 23, 2021/5 min read

How to cyber security: Containerizing fuzzing targets

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Secure Software

Feb 23, 2021/5 min read

Analysis of an attack on automotive keyless entry systems

By Dr. Dennis Kengo Oka

Tags: Software Integrity, Build Secure Software, Automotive

Feb 09, 2021/3 min read

8 must-have features in an IAST solution

By Synopsys Editorial Staff

Tags: Software Integrity, IAST, Manage Security Risks

Feb 03, 2021/4 min read

How to integrate automated AST tools in your CI/CD pipeline

By Meera Rao

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Feb 01, 2021/1 min read

AppSec Decoded: Manufacturing more-secure IoT devices

By Synopsys Editorial Team

Tags: Software Integrity, Manage Security Risks, Internet of Things

Jan 26, 2021/4 min read

Discovery capabilities: A core differentiator for Black Duck SCA

By Mike McGuire

Tags: SCA, Software Integrity, Build Secure Software, OSS License Compliance

Jan 26, 2021/7 min read

Securing your code: GDPR best practices for application security

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Compliance, AppSec Best Practices, Manage Security Risks

Jan 24, 2021/3 min read

How to manage open source risks using Black Duck SCA

By Shandra Gemmiti

Tags: SCA, Software Integrity

Jan 21, 2021/6 min read

How to evaluate the ROI of your software security program

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Jan 21, 2021/7 min read

How to cyber security: Faceplanting in 10 lines of code

By Jonathan Knudsen

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Jan 19, 2021/4 min read

Demystifying CVSS Scoring

By Mike McGuire

Tags: SCA, Software Integrity

Jan 04, 2021/6 min read

Don’t get overwhelmed with trivial defects. Manage them!

By Taylor Armerding

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, DevSecOps

Dec 28, 2020/8 min read

DevSecOps: The good, the bad, and the ugly

By Nivedita Murthy

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Dec 21, 2020/5 min read

Things to consider when choosing a software composition analysis tool

By Shandra Gemmiti

Tags: SCA, Software Integrity, Build Secure Software

Dec 16, 2020/2 min read

CyRC analysis: Authentication bypass vulnerability in Bouncy Castle

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Security News & Research, Compliance, CyRC

Dec 16, 2020/4 min read

How to cyber security: Software security is everyone’s responsibility

By Jonathan Knudsen

Tags: Agile, CI/CD, Software Integrity, Manage Security Risks

Dec 14, 2020/10 min read

How to build a serial port fuzzer with Defensics SDK

By Kari Hulkko

Tags: Software Integrity, Fuzzing, Build Secure Software

Dec 10, 2020/6 min read

Fuzzing Bitcoin with the Defensics SDK, part 2: Fuzz the Bitcoin protocol

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Secure Software, Training

Dec 08, 2020/4 min read

6 Findings from DevSecOps Practices' Survey

By Fred Bals

Tags: Software Integrity, AppSec Best Practices, DevSecOps, Manage Security Risks

Dec 02, 2020/6 min read

Configure security tools for effective DevSecOps

By Taylor Armerding

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, DevSecOps

Dec 01, 2020/5 min read

Fuzzing Bitcoin with the Defensics SDK, part 1: Create your network

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Secure Software

Nov 19, 2020/4 min read

Four requirements for open source vulnerability management in a DevOps environment

By Shandra Gemmiti

Tags: SCA, Software Integrity, Software Supply Chain

Nov 18, 2020/3 min read

Automotive threat analysis and risk assessment method

By Jacob Wilson

Tags: Software Integrity, Compliance, Manage Security Risks, Automotive

Nov 16, 2020/7 min read

Can your security keep pace in a DevOps environment?

By Taylor Armerding

Tags: Agile, CI/CD, Software Integrity, Manage Security Risks

Nov 12, 2020/5 min read

How to cyber security: Gotta go fast … but why?

By Jonathan Knudsen

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, DevSecOps

Nov 10, 2020/6 min read

The roles and responsibilities that lead to better software security initiatives

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Nov 09, 2020/3 min read

Three DevSecOps challenges and how to mitigate them

By Patrick Carey

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, Training, DevSecOps

Nov 05, 2020/4 min read

Cyber security assurance levels in the automotive supply chain

By Jacob Wilson

Tags: Software Integrity, Compliance, Manage Security Risks, Automotive

Oct 28, 2020/5 min read

CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing

By Tuomo Untinen, Kari Hulkko

Tags: Software Integrity, Fuzzing, Security News & Research, Compliance

Oct 21, 2020/1 min read

AppSec Decoded: The security dilemma of IoT devices

By Synopsys Editorial Team

Tags: Software Integrity, Manage Security Risks, Internet of Things

Oct 18, 2020/6 min read

Get effective DevSecOps with version control

By Taylor Armerding

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, DevSecOps

Oct 12, 2020/3 min read

Are you ready for ISO SAE 21434 Cybersecurity of Road Vehicles?

By Jacob Wilson

Tags: Software Integrity, Compliance, Manage Security Risks, Automotive

Sep 30, 2020/3 min read

Making SCA part of your AST Strategy

By Fred Bals

Tags: SCA, Software Integrity, Security News & Research, Software Supply Chain

Sep 27, 2020/2 min read

CyRC Vulnerability Advisory: Authentication bypass vulnerabilities in multiple wireless router chipsets (CVE-2019-18989, CVE-2019-18990, and CVE-2019-18991)

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Fuzzing, Security News & Research, CyRC

Sep 23, 2020/6 min read

Open source licenses: No license, no problem? Or … not?

By Matt Jacobs

Tags: SCA, M&A, Software Integrity, OSS License Compliance

Sep 17, 2020/5 min read

MITRE releases 2020 CWE Top 25 most dangerous software weaknesses

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, AppSec Best Practices

Sep 10, 2020/4 min read

TANSTAAFL! The tragedy of the commons meets open source software

By Fred Bals

Tags: Software Integrity, Manage Security Risks

Aug 27, 2020/3 min read

Black Duck continues to expand vulnerability prioritization methods

By Mike McGuire

Tags: SCA, Software Integrity, Security News & Research

Aug 25, 2020/4 min read

Developing a COVID-19 track and trace app — through the lens of Synopsys

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Secure Software, Threat & Risk Assessment, Mobile, IAST, SAST, Public Sector

Aug 03, 2020/12 min read

Apache Struts research at scale, Part 3: Exploitation

By Christopher Fearon

Tags: Software Integrity, Security News & Research, Compliance, CyRC

Jul 28, 2020/7 min read

Security bugs and flaws: Both bad, but in different ways

By Taylor Armerding

Tags: SCA, Software Integrity, Build Secure Software, Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Jul 21, 2020/7 min read

Are you making software security a requirement?

By Jamie Boote

Tags: Software Integrity, Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks

Jul 13, 2020/7 min read

How to Cyber Security: Fuzz a tank

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Secure Software

Jul 05, 2020/5 min read

Open source audits: The secret ingredient for successful M&A

By Shandra Gemmiti

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Jul 01, 2020/8 min read

Find more bugs by detecting failure better: An introduction to SanitizerProcessMonitorAgent

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Secure Software

Jun 29, 2020/4 min read

Are you following the top 10 software security best practices?

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Manage Security Risks

Jun 18, 2020/3 min read

An introduction to installing Black Duck

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Build Secure Software

Jun 11, 2020/11 min read

Authentication Token Obtain and Replace (ATOR) Burp plugin to handle complex login sequences

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software

Jun 04, 2020/2 min read

How to overcome the top 6 application security challenges

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Jun 01, 2020/3 min read

Why developers need a supplemental source to NVD vulnerability data

By Fred Bals

Tags: SCA, Software Integrity, Build Secure Software

May 19, 2020/5 min read

Are you ready for API security?

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Threat Modeling, Manage Security Risks

May 13, 2020/3 min read

Critical gap in developer security training puts applications at risk

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Training

May 11, 2020/8 min read

How to Cyber Security: Fuzzing does not mean random

By Jonathan Knudsen

Tags: Software Integrity, Fuzzing, Build Secure Software

May 06, 2020/4 min read

3 ways to boost your security with role-based security compliance training

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Compliance, AppSec Best Practices, Training

May 04, 2020/2 min read

3 long-term benefits of an application security training strategy

By Synopsys Editorial Staff

Tags: Software Integrity, Build Secure Software, Training

Apr 27, 2020/15 min read

CyRC analysis: CVE-2020-7958 biometric data extraction in Android devices

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Compliance, CyRC

Apr 21, 2020/3 min read

The Complete Application Security Checklist

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Apr 15, 2020/7 min read

What the open source community can teach the suddenly remote workforce

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Training

Apr 13, 2020/1 min read

CyRC Vulnerability Advisory: CVE-2020-7958 biometric data disclosure vulnerability in OnePlus 7 Pro Android phone

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Mobile, CyRC

Apr 13, 2020/5 min read

How to Cyber Security: Application security is critical for data security

By Jonathan Knudsen

Tags: Software Integrity, Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Apr 07, 2020/3 min read

How 5G and IoT devices open up the attack surface on enterprises

By Synopsys Editorial Staff

Tags: Software Integrity, Fuzzing, Manage Security Risks, Internet of Things

Apr 01, 2020/3 min read

What is the Ghostcat vulnerability (CVE-2020-1938)?

By Tanay Sethi

Tags: SCA, Software Integrity, Security News & Research, Compliance

Mar 30, 2020/3 min read

3 ways to improve your software development skills

By Synopsys Editorial Staff

Tags: Software Integrity, Security News & Research, Training

Mar 22, 2020/5 min read

How to deal with legacy vulnerabilities

By Taylor Armerding

Tags: SCA, Software Integrity, Manage Security Risks

Mar 16, 2020/6 min read

What is security debt, and how do I get out of it?

By Taylor Armerding

Tags: SCA, Software Integrity, Program Strategy & Planning, Build Secure Software, Manage Security Risks

Mar 12, 2020/4 min read

How do you effectively remediate the increasing sea of vulnerabilities?

By Shandra Gemmiti

Tags: SCA, Software Integrity, Software Supply Chain

Mar 11, 2020/7 min read

Apache Struts research at scale, Part 2: Execution environments

By Christopher Fearon

Tags: Software Integrity, Security News & Research, Compliance, CyRC

Mar 10, 2020/3 min read

How does IAST fit into DevSecOps?

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, IAST, DevSecOps

Mar 04, 2020/5 min read

5G: Vast potential, but better security needed

By Synopsys Editorial Staff

Tags: Software Integrity, Fuzzing, Mobile, Manage Security Risks, Internet of Things

Mar 03, 2020/3 min read

Thoreau’s ‘simplify’ exhortation hovers over RSA

By Taylor Armerding

Tags: Software Integrity, Manage Security Risks

Feb 19, 2020/6 min read

Want to comply with privacy laws? Start with security

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Compliance, Manage Security Risks, Public Sector

Feb 18, 2020/5 min read

There’s no such thing as TMI when it comes to open source software

By Fred Bals

Tags: SCA, Software Integrity, Security News & Research

Feb 13, 2020/11 min read

Top 10 FOSS legal developments in 2019

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, OSS License Compliance

Feb 12, 2020/3 min read

Find and fix open source and proprietary code security defects in the IDE with Polaris and Code Sight

By Patrick Carey

Tags: SCA, Software Integrity, Security News & Research, Build Secure Software, DevSecOps, SAST

Feb 04, 2020/3 min read

Extending Black Duck’s capability with Red Hat OpenShift to scan Red Hat Quay images

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Container Security

Feb 04, 2020/4 min read

Mobile security app-titude best practices for secure app design and data privacy

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Mobile

Feb 02, 2020/5 min read

Ask the Experts: What’s most rewarding about your career in cyber security?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Build Secure Software, Manage Security Risks

Jan 22, 2020/5 min read

Coverity & Black Duck together. Better. Faster. Stronger.

By Fred Bals

Tags: SCA, Software Integrity, Build Secure Software, SAST

Jan 19, 2020/4 min read

Synopsys adds GitHub Action for SAST and SCA

By Synopsys Editorial Team

Tags: SCA, Agile, CI/CD, Software Integrity, Build Secure Software, SAST

Jan 08, 2020/1 min read

Synopsys acquires Tinfoil Security, DAST and API testing solutions provider

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Security News & Research

Jan 07, 2020/7 min read

The journey to better medical device security: Still slow, still bumpy

By Taylor Armerding

Tags: Software Integrity, Build Secure Software, AppSec Best Practices, Medical Devices, Healthcare

Dec 17, 2019/5 min read

Mackey: Security isn’t ‘front of mind’ in the IoT

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Internet of Things

Dec 10, 2019/7 min read

Cost of data breaches in 2019: The 4 worst hits on the corporate wallet

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, Public Sector

Dec 08, 2019/3 min read

How to Cyber Security: Software is critical infrastructure

By Jonathan Knudsen

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks, Public Sector

Nov 25, 2019/6 min read

The blockchain train: Get on board—with caution

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Container Security

Nov 19, 2019/4 min read

SAST vs. SCA: What’s the difference? Do I need both?

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Build Secure Software, SAST

Nov 18, 2019/3 min read

Integrating Coverity Scan with GitLab CI

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, SAST

Nov 12, 2019/3 min read

Blue Yonder: Extending their SDLC to remediate open source issues

By Fred Bals

Tags: SCA, Software Integrity

Nov 11, 2019/3 min read

How to Cyber Security: Unicorns and donkeys

By Jonathan Knudsen

Tags: Software Integrity, Program Strategy & Planning, Training, Manage Security Risks

Oct 30, 2019/7 min read

It’s past time to put passwords out of our misery

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Threat & Risk Assessment

Oct 28, 2019/7 min read

The due diligence of a deal

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Oct 24, 2019/11 min read

Apache Struts research at scale, Part 1: Building 115 versions of Struts

By Christopher Fearon

Tags: Software Integrity, Security News & Research, Compliance, CyRC

Oct 22, 2019/6 min read

Don’t let your supply chain undermine your security

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Software Supply Chain

Oct 10, 2019/2 min read

CloudBees and Synopsys: Putting “Sec” into DevSecOps

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Oct 09, 2019/8 min read

Best practices for secure application development

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, AppSec Best Practices

Oct 01, 2019/5 min read

Seeker FAQ: Interactive application security testing and CI/CD

By Kimm Yeo

Tags: Agile, CI/CD, Software Integrity, Security News & Research, IAST

Sep 30, 2019/4 min read

Wormwood – An Explicit Way to Test Absinthe GraphQL APIs

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Secure Software

Sep 26, 2019/2 min read

Coverity release ties in well to the latest MITRE CWE Top 25

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Security News & Research, Compliance, SAST

Sep 24, 2019/7 min read

Hackers needed to defeat hackers

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Training

Sep 20, 2019/4 min read

Q&A: Fuzz testing, agent instrumentation, and Defensics

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Build Secure Software

Sep 11, 2019/2 min read

Let’s Talk Licenses: Beware the Beerware License

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Sep 10, 2019/7 min read

Awash in regulations, companies struggle with compliance

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, Public Sector

Aug 27, 2019/3 min read

What are the different types of security vulnerabilities?

By Synopsys Editorial Team

Tags: Software Integrity, Web AppSec, Manage Security Risks

Aug 15, 2019/2 min read

Review of Apache Struts vulnerabilities yields 24 updated advisories

By Tim Mackey

Tags: Software Integrity, Security News & Research, CyRC

Aug 14, 2019/2 min read

[Infographic] Financial cybersecurity by the numbers

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Financial Services

Aug 12, 2019/6 min read

The license and security risks of using Node.js

By Synopsys Editorial Team

Tags: Software Integrity, Web AppSec, Manage Security Risks

Aug 05, 2019/5 min read

Ask the Experts: How can we prevent ransomware attacks?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Program Strategy & Planning, Training

Jul 31, 2019/7 min read

Apollo 11 software lessons still relevant today

By Taylor Armerding

Tags: Software Integrity, Compliance, Manage Security Risks, Public Sector

Jul 30, 2019/3 min read

3 use cases where source code scanning doesn’t cut it

By Shandra Gemmiti

Tags: SCA, Software Integrity

Jul 16, 2019/5 min read

Securing software development: NIST joins the parade

By Taylor Armerding

Tags: Software Integrity, Program Strategy & Planning, Compliance, Manage Security Risks

Jul 16, 2019/2 min read

Top 3 cloud security trends for 2019

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Cloud Security, Manage Security Risks

Jul 15, 2019/4 min read

Why hackers are targeting your web apps (and how to stop them)

By Taylor Armerding

Tags: Software Integrity, Web AppSec, Manage Security Risks

Jul 09, 2019/1 min read

Join Synopsys at codenomi-con and Black Hat USA 2019

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Jul 02, 2019/6 min read

Patch now or pay later: Report

By Taylor Armerding

Tags: Software Integrity, Security News & Research

Jun 26, 2019/3 min read

Top 3 operational open source risk factors

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Jun 24, 2019/7 min read

More medical mega-breaches thanks to third-party insecurity

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Program Strategy & Planning, Healthcare

Jun 19, 2019/7 min read

Web AppSec interview questions every company should ask

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Web AppSec, Manage Security Risks

Jun 18, 2019/6 min read

Q&A: Interactive application security testing (IAST) and Seeker

By Asma Zubair

Tags: Software Integrity, IAST, Manage Security Risks

Jun 13, 2019/5 min read

You’re using open source software, and you need to keep track of it

By Taylor Armerding

Tags: SCA, Software Integrity, OSS License Compliance

Jun 11, 2019/4 min read

The Verizon DBIR and the art of the breach

By Asma Zubair

Tags: Software Integrity, Security News & Research, Threat & Risk Assessment

Jun 10, 2019/8 min read

Ask the Experts: Should the US have a data privacy law similar to GDPR?

By Synopsys Editorial Team

Tags: Software Integrity, Compliance, Manage Security Risks, Public Sector

Jun 04, 2019/6 min read

It’s not just autonomous cars of the future that need security

By Taylor Armerding

Tags: Software Integrity, Build Secure Software, Manage Security Risks, Automotive

May 24, 2019/3 min read

How are code quality and code security related?

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST, Web AppSec, Internet of Things

May 16, 2019/4 min read

Don’t let insider threats rain on your cloud deployment

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Manage Security Risks

May 08, 2019/1 min read

Announcing Code Sight 2019.4

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Build Secure Software, SAST

May 06, 2019/4 min read

Synopsys and Red Hat OpenShift 4: One smooth Operator!

By Synopsys Editorial Team

Tags: Software Integrity, Container Security

May 02, 2019/5 min read

Feds seek to up their cybersecurity game

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Internet of Things, Public Sector

Apr 18, 2019/2 min read

Are you making these software standards compliance mistakes?

By Synopsys Editorial Team

Tags: Software Integrity, Compliance, Manage Security Risks

Apr 17, 2019/3 min read

The Synopsys Cybersecurity Research Center (CyRC): Advancing the state of software security

By Tim Mackey

Tags: Software Integrity, Security News & Research, CyRC

Apr 09, 2019/4 min read

Complex but helpful: Negotiating FDA guidance to build a cybersecurity program

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Healthcare

Mar 27, 2019/5 min read

The cyber-physical convergence is accelerating—and so are the risks

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Internet of Things

Mar 21, 2019/4 min read

Want to secure your apps? Build security in with the right toolchain

By Taylor Armerding

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, Threat & Risk Assessment, Manage Security Risks

Mar 13, 2019/5 min read

Bug bounties: A good tool, but don’t make them the only tool in security

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Web AppSec

Mar 12, 2019/4 min read

The days (and nights) of an ‘always on’ sales engineer

By Taylor Armerding

Tags: Software Integrity, Security News & Research

Feb 28, 2019/5 min read

Connected cars need better connection to cybersecurity

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Automotive

Feb 21, 2019/5 min read

Advances in healthcare security since the Anthem data breach

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Manage Security Risks, Healthcare

Feb 11, 2019/2 min read

3 takeaways from “Managing the Business Risks of Open Source” webinar

By Fred Bals

Tags: SCA, Software Integrity, Security News & Research, Manage Security Risks, OSS License Compliance

Feb 06, 2019/5 min read

Study shows security challenges in the auto industry

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Automotive

Feb 05, 2019/2 min read

Container scanning for security with Black Duck OpsSight 2.2

By Synopsys Editorial Team

Tags: Software Integrity, Container Security

Jan 30, 2019/2 min read

How to “shift left” with application security tools, and how not to

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Jan 29, 2019/7 min read

Why dependencies matter for SAST

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Training, SAST

Jan 29, 2019/3 min read

Server-side GraphQL Querying with Elixir Absinthe

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Security News & Research

Jan 24, 2019/5 min read

The future of open source software: More of everything

By Taylor Armerding

Tags: SCA, Software Integrity, OSS License Compliance

Jan 16, 2019/3 min read

Throwback Thursday: Whatever happened to Stuxnet?

By Taylor Armerding

Tags: Software Integrity, Manage Security Risks

Jan 15, 2019/4 min read

Top 10 software vulnerability list for 2019

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Mobile, Web AppSec

Jan 10, 2019/5 min read

GAO report confirms major gaps in government cybersecurity

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Automotive, Internet of Things, Public Sector

Dec 19, 2018/3 min read

Next-generation audit reports: Enhanced visibility into open source risks in M&A transactions

By Phil Odence

Tags: M&A, Software Integrity, OSS License Compliance

Dec 04, 2018/6 min read

President’s ‘cybersecurity moonshot’: Transformational or pie in the sky?

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Public Sector

Nov 30, 2018/4 min read

NPM dependencies, supply chain attacks, and Bitcoin wallets

By Ksenia Peguero

Tags: SCA, Software Integrity, Software Supply Chain

Nov 29, 2018/5 min read

Hard questions raised when a software ‘glitch’ takes down an airliner

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, Public Sector

Nov 28, 2018/4 min read

Air gaps in ICS going, going … and so is security

By Taylor Armerding

Tags: Software Integrity, Security News & Research

Nov 20, 2018/2 min read

Should I include CSRF protection on a login form?

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Secure Software

Nov 15, 2018/6 min read

WPA2 encryption bypass: Using Defensics to uncover behavioral vulnerabilities

By Tuomo Untinen

Tags: Software Integrity, Fuzzing, Build Secure Software, Compliance

Nov 14, 2018/1 min read

CyRC Vulnerability Advisory: CVE-2018-18907 authentication bypass vulnerability in D-Link DIR-850L wireless router

By Synopsys Cybersecurity Research Center

Tags: Software Integrity, Fuzzing, Security News & Research, Compliance

Nov 14, 2018/5 min read

Don’t expect jailed CEOs, but Wyden at least puts consumer privacy on the table

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, Public Sector

Nov 13, 2018/1 min read

Today I Learned: Using SCSS in your Vue Components

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Secure Software

Nov 12, 2018/3 min read

GPLv2 and the right to cure

By Matt Jacobs

Tags: Software Integrity, OSS License Compliance

Nov 08, 2018/6 min read

Threats obvious, but electronic voting systems remain insecure

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Public Sector

Nov 06, 2018/2 min read

Shared responsibility model: Who owns cloud security?

By Synopsys Editorial Team

Tags: Software Integrity, Cloud Security, Manage Security Risks

Oct 24, 2018/5 min read

Lance Spitzner: How to secure the human operating system | NCSAM at Synopsys

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Training

Oct 12, 2018/2 min read

Automation: One of the keys to DevSecOps

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Program Strategy & Planning, DevSecOps, Manage Security Risks

Oct 09, 2018/2 min read

Why you need to perform open source due diligence in an M&A transaction

By Fred Bals

Tags: M&A, Software Integrity, OSS License Compliance

Oct 05, 2018/4 min read

Shield your home from spies | NCSAM at Synopsys

By Amit Sethi

Tags: Software Integrity, Security News & Research, Training

Oct 01, 2018/3 min read

CVE-2018-11776 and why you need Black Duck Security Advisories

By Fred Bals

Tags: SCA, Software Integrity, Security News & Research

Sep 26, 2018/3 min read

How and why business is migrating to the cloud

By Taylor Armerding

Tags: Software Integrity, Cloud Security, Manage Security Risks

Sep 23, 2018/4 min read

Tineola: Taking a bite out of enterprise blockchain

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Sep 15, 2018/6 min read

Let’s write more CodeXM checkers (second-stage ignition)

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST

Sep 13, 2018/3 min read

The IoT within us: Network-connected medical devices

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Medical Devices, Internet of Things, Healthcare

Sep 11, 2018/1 min read

What’s so special about zero-day vulnerabilities?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Sep 06, 2018/2 min read

A Quick Guide to the Complex: Ecto.Multi

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Secure Software

Sep 04, 2018/4 min read

These hacks brought to you by ‘leaky’ APIs

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Web AppSec, Manage Security Risks

Aug 29, 2018/3 min read

The intersection between IAST and SCA and why you need both in your security toolkit

By Tim Mackey

Tags: SCA, Agile, CI/CD, Software Integrity, Build Secure Software, IAST, Manage Security Risks

Aug 28, 2018/2 min read

CVE-2018-11776: The latest Apache Struts vulnerability

By Fred Bals

Tags: SCA, Software Integrity, Security News & Research, CyRC

Aug 27, 2018/3 min read

Securing applications with Coverity’s static analysis results

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Security News & Research, SAST

Aug 20, 2018/2 min read

Integrating Coverity static analysis into development workflows

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, SAST

Aug 15, 2018/3 min read

The Apache Software Foundation can take a joke, but not when it comes to licensing

By Phil Odence

Tags: Software Integrity, Manage Security Risks, OSS License Compliance

Aug 14, 2018/2 min read

The AppSec alphabet soup: A guide to SAST, IAST, DAST, and RASP

By Fred Bals

Tags: Software Integrity, IAST, SAST, Web AppSec, Manage Security Risks

Aug 10, 2018/5 min read

How to help your medical devices meet the UL (and FDA) standard

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Medical Devices, Healthcare

Aug 01, 2018/2 min read

LifeLock lesson—Third party security is your security

By Tim Mackey

Tags: Software Integrity, Security News & Research, Software Supply Chain, Compliance

Aug 01, 2018/3 min read

Slim Docker Images for Rails

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Build Secure Software

Jul 27, 2018/4 min read

SingHealth hit with ‘unprecedented’ cyber attack

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Healthcare

Jul 24, 2018/5 min read

FDA adopts UL 2900-2-1, improves cyber security of connected medical devices

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Medical Devices, Healthcare

Jul 20, 2018/4 min read

Remediating XSS: Does a single fix work?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Build Secure Software, Web AppSec, Manage Security Risks

Jul 15, 2018/2 min read

How RASP complements application security testing to minimize risk

By Synopsys Editorial Team

Tags: Software Integrity, IAST, Web AppSec, Manage Security Risks

Jul 10, 2018/9 min read

Common security challenges in CI/CD workflows

By Meera Rao

Tags: Agile, CI/CD, Software Integrity, SAST, Manage Security Risks

Jul 01, 2018/4 min read

Vulnerable routers are still out there—and hackers are noticing

By Taylor Armerding

Tags: Software Integrity, Security News & Research, SAST, Internet of Things

Jun 15, 2018/3 min read

The what, why, and who of runtime application self-protection (RASP)

By Synopsys Editorial Team

Tags: Software Integrity, Web AppSec, Manage Security Risks

Jun 07, 2018/2 min read

5 DevSecOps essentials and how to achieve them

By Synopsys Editorial Staff

Tags: Agile, CI/CD, Software Integrity, Security News & Research, DevSecOps

May 25, 2018/3 min read

How does the TeenSafe data leak present a classic false sense of security?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Cloud Security

May 08, 2018/9 min read

How to integrate SAST into the DevSecOps pipeline in 5 simple steps

By Meera Rao

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, DevSecOps, SAST

Apr 30, 2018/4 min read

8 takeaways from NIST’s Application Container Security Guide

By Tim Mackey

Tags: Agile, CI/CD, Software Integrity, Security News & Research, Container Security

Apr 12, 2018/2 min read

Data breaches and more data breaches—oh my!

By Tim Mackey

Tags: Software Integrity, Security News & Research, Compliance

Apr 04, 2018/7 min read

How to break car kits with Bluetooth fuzz testing

By Pekka Oikarainen

Tags: Software Integrity, Fuzzing, Manage Security Risks, Automotive

Apr 03, 2018/5 min read

IMF wants to pierce the blockchain anonymity veil

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Financial Services

Apr 03, 2018/5 min read

Using containers? What’s hidden in your container images?

By Tim Mackey

Tags: Software Integrity, Manage Security Risks, Container Security

Mar 26, 2018/56 min read

Cracking XenForo corpuses: An unsupported sha256(sha256($pass).$salt) hash type

By Travis Biehn

Tags: Software Integrity, Build Secure Software, Training

Mar 21, 2018/8 min read

Detecting Spectre vulnerability exploits with static analysis

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST

Mar 21, 2018/6 min read

Weighing the pros and cons of open sourcing election software

By Tim Mackey

Tags: Software Integrity, Public Sector

Mar 19, 2018/3 min read

What’s the difference between agile, CI/CD, and DevOps?

By John Steven

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Mar 16, 2018/6 min read

Still just recommendations, not regulation, for IoT security

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Compliance, Internet of Things, Public Sector

Mar 05, 2018/4 min read

Closing the CVE gap still a work in progress

By Taylor Armerding

Tags: Software Integrity, Security News & Research

Mar 02, 2018/3 min read

The GitHub Memcached DDoS: It shouldn't have happened | Synopsys

By Taylor Armerding

Tags: Software Integrity, Security News & Research

Feb 27, 2018/

Subscribe to stay on top of the latest in software security

By Synopsys Editorial Team

Tags: Software Integrity

Feb 20, 2018/4 min read

Can Coverity automatically ignore issues in third-party or noncritical code?

By Kris Diefenderfer

Tags: Software Integrity, Build Secure Software, SAST

Feb 14, 2018/3 min read

Small crypto mining attack points to big browser problem

By Taylor Armerding

Tags: Software Integrity, Security News & Research

Feb 12, 2018/3 min read

In an IoT-filled world, be alert in the wake of ‘Hide and Seek’

By Taylor Armerding

Tags: Software Integrity, Security News & Research, Internet of Things

Jan 30, 2018/5 min read

Migrating to Docker on Black Duck

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Build Secure Software, Container Security

Jan 23, 2018/2 min read

When software is the company, tech due diligence is critical

By Fred Bals

Tags: SCA, M&A, Software Integrity, OSS License Compliance

Jan 19, 2018/1 min read

Is shadow engineering developing your applications?

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Security News & Research

Jan 18, 2018/6 min read

The Data Protection Directive versus the GDPR: Understanding key changes

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Compliance

Jan 10, 2018/1 min read

Manage security risk in GitHub open source projects with CoPilot

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Security News & Research

Jan 09, 2018/4 min read

What does GDPR enforcement mean for your business?

By Stephen Gardner

Tags: Software Integrity, Security News & Research, Compliance

Jan 02, 2018/3 min read

Is breach of the GPL license breach of contract?

By Synopsys Editorial Team

Tags: Software Integrity, OSS License Compliance

Dec 06, 2017/1 min read

PayPal uncovers TIO Networks data breach affecting 1.6 million users

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Nov 29, 2017/7 min read

Attacks on TLS vulnerabilities: Heartbleed and beyond

By Mantej Singh Rajpal

Tags: Software Integrity, Manage Security Risks

Nov 29, 2017/4 min read

Navigating responsible vulnerability disclosure best practices

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, AppSec Best Practices, Manage Security Risks

Nov 15, 2017/2 min read

It’s time to enlist Security Champions to fuel Agile development

By Brendan Sheairs

Tags: Agile, CI/CD, Software Integrity, Security News & Research

Nov 13, 2017/2 min read

Streamlining development with a DevSecOps life cycle

By Apoorva Phadke

Tags: Agile, CI/CD, Software Integrity, Build Secure Software, DevSecOps, Manage Security Risks

Nov 02, 2017/4 min read

How to proactively protect IoT devices from DDoS attacks

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Oct 17, 2017/2 min read

KRACK: Examining the WPA2 protocol flaw and what it means for your business

By Mantej Singh Rajpal

Tags: Software Integrity, Security News & Research

Oct 17, 2017/5 min read

ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Oct 15, 2017/3 min read

What is cloud-native container security?

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Security News & Research, Cloud Security

Oct 12, 2017/1 min read

Black Duck and Google Grafeas: Improving container visibility and security

By Synopsys Editorial Team

Tags: SCA, Agile, CI/CD, Software Integrity, Container Security

Oct 03, 2017/4 min read

Examining Apache Struts remote code execution vulnerabilities

By Christopher Fearon

Tags: Software Integrity, Security News & Research

Sep 29, 2017/5 min read

How to implement security measures without negatively affecting software quality

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Sep 21, 2017/3 min read

Why do companies need a software security program?

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Sep 15, 2017/3 min read

Equifax, Apache Struts, and CVE-2017-5638 vulnerability

By Fred Bals

Tags: Software Integrity, Security News & Research, Software Supply Chain, Manage Security Risks

Sep 14, 2017/3 min read

So Apache broke up with Facebook. How does that affect you?

By Synopsys Editorial Team

Tags: M&A, Software Integrity, Security News & Research, OSS License Compliance

Sep 14, 2017/3 min read

CVE-2017-5638: The Apache Struts vulnerability explained

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Sep 14, 2017/5 min read

Pandora’s box: Exploits show package manager blind spots

By Damon Weinstein

Tags: Software Integrity, Manage Security Risks

Sep 13, 2017/3 min read

What you need to know about BlueBorne Bluetooth flaws

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Research, SAST, Internet of Things

Sep 11, 2017/6 min read

Did lack of visibility into Apache Struts lead to the Equifax breach?

By Patrick Carey

Tags: Software Integrity, Security News & Research, Software Supply Chain, Manage Security Risks

Sep 10, 2017/3 min read

Synopsys finds 3 Linux kernel vulnerabilities

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Research

Sep 08, 2017/3 min read

What can your firm learn from the unfolding Equifax hack?

By Amit Sethi

Tags: Software Integrity, Security News & Research

Sep 06, 2017/2 min read

“Easy” to hack Apache Struts vulnerability CVE-2017-9805

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Sep 06, 2017/6 min read

A journey through the secure software development life cycle phases

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Aug 28, 2017/4 min read

DEF CON 25 exposes voting system vulnerabilities

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Public Sector

Aug 22, 2017/1 min read

Hub Detect: Comprehensive open source scanning

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Aug 15, 2017/3 min read

Scan nirvana: Hub Detect for all native build and CI tools

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software

Aug 14, 2017/2 min read

The quietly accelerating adoption of the AGPL

By Phil Odence

Tags: Software Integrity, OSS License Compliance

Jul 18, 2017/4 min read

Insecure example code leads to insecure production code

By Mike Lyman

Tags: Software Integrity, Security News & Research, Training

Jul 07, 2017/3 min read

Is threat modeling compatible with Agile and DevSecOps?

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Threat Modeling, Manage Security Risks

Jul 06, 2017/8 min read

Building your DevSecOps pipeline: 5 essential activities

By Meera Rao

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Jun 21, 2017/2 min read

3 permissive licenses and why they deserve a little respect

By Synopsys Editorial Team

Tags: M&A, Software Integrity, OSS License Compliance

Jun 20, 2017/4 min read

A primer on protecting keys and secrets in Microsoft Azure

By Sakthi Mohan

Tags: Software Integrity, Build Secure Software, Manage Security Risks

Jun 13, 2017/3 min read

Introducing Black Duck CoPilot

By Patrick Carey

Tags: Agile, CI/CD, Software Integrity, Security News & Research, Cloud Security

Jun 07, 2017/4 min read

Security topics every software developer should know

By Apoorva Patankar

Tags: Software Integrity, Build Secure Software, Training

Jun 06, 2017/2 min read

Encryption technology in your code impacts export requirements

By Phil Odence

Tags: Software Integrity, Security News & Research

May 30, 2017/3 min read

Why should every eCommerce website have an SSL certificate?

By Jamie Boote

Tags: Software Integrity, Web AppSec, Manage Security Risks

May 30, 2017/2 min read

4 key differences moving from Java to .NET Core

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

May 25, 2017/2 min read

When should threat modeling take place in the SDLC?

By Synopsys Editorial Team

Tags: Software Integrity, Threat Modeling, Manage Security Risks

May 17, 2017/2 min read

Node.js: Preventing common vulnerabilities in the MEAN stack

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Web AppSec, Manage Security Risks

May 09, 2017/5 min read

AngularJS: Preventing common vulnerabilities in the MEAN stack

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Web AppSec

May 08, 2017/3 min read

DoublePulsar continues to expose older Windows boxes: What you need to know

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

May 08, 2017/2 min read

.NET component vulnerability analysis in production

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Security News & Research

May 02, 2017/3 min read

Heartbleed: OpenSSL vulnerability lives on

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Apr 27, 2017/3 min read

What are the signs your web application has been hacked?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Apr 20, 2017/2 min read

ExpressJS: Preventing common vulnerabilities in the MEAN stack (Part 1)

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Web AppSec, Manage Security Risks

Apr 18, 2017/4 min read

How to mitigate third-party security risks

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Threat & Risk Assessment, Manage Security Risks

Apr 13, 2017/5 min read

MongoDB: Preventing common vulnerabilities in the MEAN stack

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Web AppSec

Apr 12, 2017/5 min read

Top 10 free pen tester tools

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Pen Testing, Web AppSec, Manage Security Risks

Apr 05, 2017/7 min read

Attributes of secure web application architecture

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Build Secure Software, Web AppSec, Manage Security Risks

Apr 05, 2017/3 min read

Cloudera IPO: Risk for cyber attacks, lawsuits, and loss of IP?

By Fred Bals

Tags: M&A, Software Integrity, Manage Security Risks, OSS License Compliance

Mar 28, 2017/4 min read

Top 4 software development methodologies

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Build Secure Software

Mar 28, 2017/4 min read

Vulnerability remediation: You only have 4 options

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Training

Mar 27, 2017/4 min read

Does software quality equal software security? It depends

By Synopsys Editorial Team

Tags: SCA, Software Integrity, Fuzzing, Compliance, Manage Security Risks

Mar 23, 2017/6 min read

Swift: Close to greatness in programming language design, Part 2

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST

Mar 22, 2017/4 min read

Forging a SHA-1 MAC using a length-extension attack in Python

By Mantej Singh Rajpal

Tags: Software Integrity, Build Secure Software, Web AppSec

Mar 22, 2017/3 min read

Vulnerability management and triage in 3 steps

By Synopsys Editorial Team

Tags: Software Integrity, AppSec Best Practices, Manage Security Risks

Mar 19, 2017/2 min read

CVE-2017-2636 strikes Linux kernel with double free vulnerability

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Mar 10, 2017/3 min read

New Apache Struts 2 zero-day vulnerability: What you need to know

By Meera Rao

Tags: SCA, Software Integrity, Security News & Research

Mar 02, 2017/2 min read

Howard Schmidt, the United States’ first Cybersecurity Czar, has died

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Public Sector

Feb 27, 2017/4 min read

Responsible disclosure on a timetable

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Healthcare

Feb 23, 2017/11 min read

AngularJS security series part 1: Angular $http service

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Training, Web AppSec

Feb 23, 2017/3 min read

Cloudbleed, like Heartbleed, may affect millions

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Research, Cloud Security, Manage Security Risks

Feb 23, 2017/6 min read

What is dual licensing? 3 software licensing models to consider

By Matt Jacobs

Tags: M&A, Software Integrity, OSS License Compliance

Feb 17, 2017/3 min read

Moving beyond ‘moving left’: The case for developer enablement

By Jim Ivers

Tags: Software Integrity, Training, Manage Security Risks

Feb 16, 2017/2 min read

Examining vulnerability criticality when risk ranking vulnerabilities

By Synopsys Editorial Team

Tags: Software Integrity, Manage Security Risks

Feb 07, 2017/8 min read

How to detect, prevent, and mitigate buffer overflow attacks

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST

Feb 01, 2017/3 min read

An overview of open standards for IoT communication protocols

By Synopsys Editorial Team

Tags: Software Integrity, Compliance, Internet of Things

Jan 24, 2017/2 min read

3 things to consider when risk ranking your applications

By Synopsys Editorial Team

Tags: Software Integrity, Threat & Risk Assessment, Threat Modeling, Manage Security Risks

Jan 12, 2017/3 min read

How much do bugs cost to fix during each phase of the SDLC?

By Arvinder Saini

Tags: Software Integrity, Build Secure Software, Threat & Risk Assessment, Pen Testing, IAST, Manage Security Risks

Dec 27, 2016/8 min read

AngularJS 1.6: Life outside the sandbox

By David Johansson

Tags: Software Integrity, Security News & Research

Dec 15, 2016/2 min read

How to prevent SQL injection attacks: A cheat sheet

By Jamie Boote

Tags: Software Integrity, Build Secure Software, SAST, Manage Security Risks

Dec 08, 2016/3 min read

The fly in the ointment of the JSON license

By Synopsys Editorial Team

Tags: Software Integrity, OSS License Compliance

Nov 28, 2016/4 min read

5 reasons to use third-party authentication instead of creating your own

By Synopsys Editorial Staff

Tags: Software Integrity, Build Secure Software, Compliance, SAST

Nov 28, 2016/3 min read

Here are the top 10 best practices for securing Android apps

By Synopsys Editorial Team

Tags: Software Integrity, AppSec Best Practices, Mobile, Training, Manage Security Risks

Nov 22, 2016/4 min read

Hearts and minds: Culture management vs. human resources

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Nov 20, 2016/5 min read

Sweet32: Time to retire 3DES?

By Amit Sethi

Tags: Software Integrity, Build Secure Software

Nov 14, 2016/1 min read

Set up a software security group in 5 steps

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Nov 13, 2016/7 min read

How to respond to application security incidents

By Synopsys Editorial Team

Tags: Software Integrity, Manage Security Risks

Nov 09, 2016/5 min read

Abuse cases: How to think like a hacker

By Synopsys Editorial Staff

Tags: Software Integrity, Build Secure Software

Nov 07, 2016/5 min read

How to choose between closed source and open source software

By Jamie Boote

Tags: Software Integrity, Build Secure Software, SAST

Nov 07, 2016/5 min read

OSS warranties and indemnities in technology transactions

By Synopsys Editorial Team

Tags: M&A, Software Integrity, OSS License Compliance

Nov 06, 2016/4 min read

How to create an open source management policy

By Matt Jacobs

Tags: Software Integrity, OSS License Compliance

Nov 06, 2016/2 min read

Synopsys expands security signoff solution with Cigital and Codiscope acquisition

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Manage Security Risks

Oct 24, 2016/3 min read

Dyn DDoS attack: IoT vulnerabilities

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Internet of Things

Oct 21, 2016/2 min read

The pursuit of Hapi-ness: 5 must-have Hapi security plugins

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Oct 20, 2016/4 min read

Brace yourselves: Application transport security is coming

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Mobile

Oct 19, 2016/3 min read

Vulnerability management: Designing severity risk ranking systems

By Synopsys Editorial Team

Tags: Software Integrity, Fuzzing, Security News & Research

Oct 14, 2016/3 min read

Open source security management: A question of when, not whether

By Synopsys Editorial Team

Tags: DAST, Software Integrity, Security News & Research, SAST

Oct 13, 2016/5 min read

Why isn’t cyber security taught in schools?

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Training

Oct 06, 2016/4 min read

Guide to open source licenses

By Synopsys Editorial Team

Tags: M&A, Software Integrity, OSS License Compliance

Sep 26, 2016/2 min read

Identifying and resolving software vulnerabilities: A balancing act

By Synopsys Editorial Team

Tags: Software Integrity, Program Strategy & Planning, Manage Security Risks

Sep 25, 2016/1 min read

AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for medical devices

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Compliance, Medical Devices

Sep 21, 2016/2 min read

Why there are at least 6,000 vulnerabilities without CVE-IDs

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Sep 19, 2016/6 min read

AGPL: Out of the shadows

By Synopsys Editorial Team

Tags: M&A, Software Integrity, Security News & Research, OSS License Compliance

Sep 15, 2016/3 min read

The greatest security vulnerability: Humans

By Sakthi Mohan

Tags: Software Integrity, Security News & Research

Sep 15, 2016/1 min read

Software testing included in final ISA / IEC 62443-4-1

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, Compliance

Sep 08, 2016/2 min read

The Complete Security Vulnerability Assessment Checklist

By Synopsys Editorial Team

Tags: Software Integrity, Threat & Risk Assessment, Web AppSec, Manage Security Risks

Sep 06, 2016/2 min read

Heartbleed bug: How it works and how to avoid similar bugs

By Anil Gajawada

Tags: Software Integrity, Web AppSec, Manage Security Risks

Sep 01, 2016/3 min read

Recognizing Another Type of Threat: Non-targeted Attacks

By Synopsys Editorial Team

Tags: Software Integrity, Manage Security Risks

Aug 25, 2016/3 min read

4 ineffective security controls that leave you with a false sense of security

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Training

Aug 25, 2016/2 min read

Pseudorandom number generation means pseudosecurity

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, Training

Aug 18, 2016/6 min read

4 principles of secure software design

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Aug 09, 2016/3 min read

Avoiding false positives in application security through customization

By Synopsys Editorial Team

Tags: Software Integrity, Build Secure Software, SAST, Web AppSec, Manage Security Risks

Aug 02, 2016/5 min read

An escape room called the ‘AngularJS sandbox’

By Ksenia Peguero

Tags: Software Integrity, Build Secure Software

Jul 19, 2016/2 min read

Web application security threats and countermeasures

By Synopsys Editorial Team

Tags: Software Integrity, Web AppSec, Manage Security Risks

Jul 13, 2016/3 min read

The 5 pillars of a successful threat model

By Synopsys Editorial Staff

Tags: Software Integrity, Threat Modeling, Manage Security Risks

Jun 13, 2016/5 min read

How to mitigate the Java deserialization vulnerability in JBoss application servers

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research, AppSec Best Practices

Jun 13, 2016/8 min read

Rocket.Chat: Enabling privately hosted chat services

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

Jun 01, 2016/3 min read

4 threat modeling questions to ask before your next Agile sprint

By Synopsys Editorial Team

Tags: Agile, CI/CD, Software Integrity, Threat Modeling, Manage Security Risks

May 26, 2016/6 min read

What are the real security implications of the Hillary Clinton email scandal?

By Travis Biehn

Tags: Software Integrity, Security News & Research, Manage Security Risks

May 25, 2016/1 min read

For want of a CVE: MITRE’s ongoing CVE backlog

By Synopsys Editorial Team

Tags: Software Integrity, Security News & Research

May 17, 2016/4 min read

10 ways to infuse security into your software development life cycle

By Kris Balarama

Tags: Software Integrity, AppSec Best Practices, Manage Security Risks

May 15, 2016/5 min read