Software Integrity

Archive for the 'Agile Methodology' Category

 

Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for Application Security Testing

I’m proud to report that the 2018 Gartner Magic Quadrant for Application Security Testing has positioned Synopsys as a leader for the second consecutive year. This designation clearly illustrates our growing vision and ability to execute on our solutions. Building a track record of leadership: I’d like to take a moment also to call out […]

Posted in Agile Methodology, Black Duck by Synopsys, CI/CD, DevOps, Interactive Application Security Testing (IAST)

What’s the difference between Agile, CI/CD, and DevOps?

We’ve been seeing a lot of instances recently in which the terms Agile, CI/CD, and DevOps are used interchangeably. 3 different development tools for building your practice: You couldn’t build a house with a single tool. Nor can you enable your development practice with one. Agility, CI/CD, and DevOps are three distinct tools, each important […]

Posted in Agile Methodology, CI/CD, DevOps

Why you need to build AppSec into your DevOps process

Application development thrives on the use of open source components. Why? Quite simply, there are many benefits to using open source components, including the ability to leverage skill sets and expertise of the open source community, take advantage of the efforts of larger development teams, and reduce costs. To use open source components safely and responsibly, organizations […]

Posted in Agile Methodology, DevOps, Open Source Licenses, Open Source Security

Balancing agility and open source security for DevOps

Lots of DevOps news this week, including why automation is critical for securing code, as well as balancing agility with security needs.  Learn how to manage security in GitHub projects with CoPilot from Black Duck Software. Pre-GDPR, Carphone Warehouse gets hit with £400k fine over a 2015 hack.  And why you should think like your […]

Posted in Agile Methodology, DevOps, Open Source Security

7 things to consider when transitioning your applications to the cloud

Written in coordination with Ugochukwu Enyioha. Organizations are moving their applications to the cloud (or using the cloud as a starting point for application development) at an astonishing rate. According to Forbes, 73% of companies are planning to move to a fully software-defined data center within 2 years. The shift is motivated by three primary […]

Posted in Agile Methodology, Cloud Security, DevOps

It’s time to enlist Security Champions to fuel Agile development

A 2015 Gartner report estimated that 25% of Global 2000 organizations would be using DevOps and Agile development practices as part of their mainstream strategies by the close of 2016. Our experience with Synopsys customers confirms this prediction has come true. In Agile development, passes through the software development life cycle (SDLC) occur more often […]

Posted in Agile Methodology, Application Security

Accelerate your agile security strategy

“In the face of more rapid iterative and agile design and development efforts, the time required becomes even more precious. It’s not hard to understand why even the most well-intentioned manager will make the pragmatic decision to skip the effort, or pay it lip service.” (Gartner) Testing tools help meet the challenges: Automation is […]

Posted in Agile Methodology, Application Security, Infographic

Webinar: Update your AppSec strategy to run effectively in a DevOps world

DevOps enables you to release features and bug remediation efforts faster than ever before through Agile methodologies, CI/CD processes, and open source tools. While traditional security activities have trouble keeping pace with DevOps, it’s also critical not to let security fall behind. Is security tripping you up? As the DevOps revolution continues to advance, security […]

Posted in Agile Methodology, CI/CD, DevOps, Security Training

Is threat modeling compatible with Agile and DevSecOps?

Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model: Finds architectural and design flaws that are difficult or impossible to detect through other methods. Identifies the most ‘at-risk’ components. Helps stakeholders […]

Posted in Agile Methodology, Application Security, DevOps

.NET component vulnerability analysis in production

At Black Duck, we’ve been excited to participate in the flurry of growth in the .NET ecosystem. Our Visual Studio Extension helps developers detect open source risks early, when it is easiest and most cost-effective to eliminate them. However, in some cases, a Visual Studio project or any build file or other composition metadata may not […]

Posted in Agile Methodology, DevOps, Vulnerability Assessment