Software Integrity

Archive for the 'Application Security' Category


3 ways to build a recruiting culture in the AppSec industry

I am often asked how we manage to staff security professionals in such a competitive market. Our team has even been asked to help top-tier clients fill their own internal vacancies. So what makes us effective? First, secure executive support. It is very common for recruiting departments to be treated as administrative support […]


Posted in: Application Security

Fault Injection Podcast: Sammy Migues introduces BSIMM8

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Sammy Migues, principal scientist here at Synopsys, about the new Building Security In Maturity Model (BSIMM) 8 report. You […]


Posted in: Application Security, Maturity Model (BSIMM)

Why do companies need a software security program?

The information technology sector is one of the world’s fastest growing industries. In fact, software and software products are evolving many times faster than software security is. In an age of cybercrime, some of the most widespread cyber-based crimes include: stealing information via […]


Posted in: Application Security, Data Breach, Featured, Software Security Program Development

The BSIMM helps organizations mature software security

How does your software security initiative stack up against the best? Against others in your market? Against your own goals? A Building Security In Maturity Model (BSIMM) assessment can answer these questions. Whether you call it a software security initiative (SSI), application security program, product security process, or something else, it’s a business necessity to […]


Posted in: Application Security, Featured, Maturity Model (BSIMM), Software Security Program Development, Software Security Testing

Fault Injection Podcast: Ken Modeste on the UL CAP program

Fault Injection is a podcast from Synopsys that digs deep into software quality and security issues. This week, hosts Robert Vamosi, CISSP and security strategist at Synopsys, and Chris Clark, principal security engineer at Synopsys, interview Ken Modeste of UL at this year’s codenomi-con 2017, held at the end of July at the House of […]


Posted in: Application Security

Checklist: Kick off your software integrity program with a bang

We are coming up on fall here in the States, and for most of us, that means two big types of kickoffs are happening: new business initiatives and football. Budgets tend to land around the same time as football season, so if you want to enjoy your Sunday kickoffs, follow this list of four impactful […]


Posted in: Application Security, Software Quality, Software Security Program Development

What you need to know about BlueBorne Bluetooth flaws

Initially created to support hands-free headsets, Bluetooth in 2017 is far from a simple wireless standard. It has evolved into something quite different from today’s standard Wi-Fi protocols. Researchers Ben Seri and Gregory Vishnepolsky of Armis Labs examine how complicated the Bluetooth implementation has become by navigating the complex protocol implementations in […]


Posted in: Application Security, Data Breach, Vulnerability Assessment

Synopsys finds 3 Linux kernel vulnerabilities

At Synopsys, our R&D teams routinely organize internal hackathons to verify the Synopsys Software Integrity Portfolio’s performance in real-world environments. During one hackathon, focused on open source software, Tuomas Haanpää, from the Synopsys Fuzz Testing (Defensics) R&D group, ran our NFSv3 test suite against the Linux kernel and found several interesting errors. Initial analysis found that anomalized […]


Posted in: Application Security, Featured, Fuzz Testing, Open Source Security

What can your firm learn from the unfolding Equifax hack?

On Sept. 7, Equifax announced that attackers had stolen information from about 143 million people in the United States. Canadian and U.K. residents’ data was also stolen; however, Equifax has not yet revealed how many of those residents are affected. We do not know the exact vulnerability that was exploited. Equifax stated only that “criminals exploited a […]


Posted in: Application Security, Data Breach

A journey through the secure software development life cycle phases

Most organizations follow common development processes when creating software. Unfortunately, these processes offer little support for constructing secure software, as they typically identify security defects only in the verification (i.e., testing) phase. Fixing defects that late in the software development life cycle (SDLC) is often quite expensive. A better practice is to integrate security activities across […]


Posted in: Application Security, Infographic, Software Development Life Cycle (SDLC), Software Quality