Software Integrity

Archive for the 'Software Development Life Cycle (SDLC)' Category

 

How to implement security measures without negatively affecting software quality

Over the past decade, most organizations have established a well-oiled process for software development and maintenance. We refer to this as the software development life cycle (SDLC). However, advancing security threats relating to insecure software have brought the focus to security implementation within the SDLC without hampering quality. Let’s examine a few strategies to implement security […]

Continue Reading...

Posted in Application Security, Software Development Life Cycle (SDLC), Software Quality, Software Security Testing | Comments Off on How to implement security measures without negatively affecting software quality

 

A journey through the secure software development life cycle phases

Most organizations follow common development processes when creating software. Unfortunately, these processes offer little support to construct secure software as they typically identify security defects in the verification (i.e., testing) phase. Fixing defects that late in the software development life cycle (SDLC) is often quite expensive. A better practice is to integrate security activities across […]

Continue Reading...

Posted in Application Security, Infographic, Software Development Life Cycle (SDLC), Software Quality | Comments Off on A journey through the secure software development life cycle phases

 

The countdown to codenomi-con USA 2017 is on!

Join the Synopsys team as we host the world’s most exclusive cybersecurity event at the House of Blues inside of Mandalay Bay in Las Vegas on Tuesday, July 25. In addition to an evening of networking and entertainment, our thought leadership program will include presentations on DevOps security, IoT, and building security into your SDLC. […]

Continue Reading...

Posted in DevOps, Internet of Things, Security Conference or Event, Software Development Life Cycle (SDLC) | Comments Off on The countdown to codenomi-con USA 2017 is on!

 

What happens when dishwashers attack the network?

Last month a researcher announced that a commercial dishwashing machine contained a dangerous vulnerability allowing a remote attacker to gain access to privileged assets on a connected network. Jens Regel of the German company Schneider-Wulf made the vulnerability public on Full Disclosure after contacting the vendor and waiting the customary 90 days. The vendor, Miele, has […]

Continue Reading...

Posted in Internet of Things, Network Security, Software Development Life Cycle (SDLC), Software Security Testing | Comments Off on What happens when dishwashers attack the network?

 

Moving beyond ‘moving left’: The case for developer enablement

Originally posted on SecurityWeek.  For far too long software security has been comprised of a curious bifurcation of roles. Developers develop and IT security testers test for security issues. Fortunately, a confluence of circumstances has forced a recalibration of the developer’s role in software security. In fact, I think we are about to see a new […]

Continue Reading...

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Program Development, Static Analysis (SAST) | Comments Off on Moving beyond ‘moving left’: The case for developer enablement

 

Ticketbleed: The next black swan

Last week a researcher disclosed a software vulnerability in a feature of the TLS/SSL stack that allowed a remote attacker to extract sensitive information. Sound familiar? In 2014, the Heartbleed vulnerability in the OpenSSL implementation of the heartbeat function in SSL affected some 600,000 websites worldwide and risked exposing passwords and other private keys. Ticketbleed, […]

Continue Reading...

Posted in Application Security, Fuzz Testing, Software Composition Analysis, Software Development Life Cycle (SDLC), Software Security Testing | Comments Off on Ticketbleed: The next black swan

 

Gary McGraw’s Shmoocon keynote recaps security career with advice

Gary McGraw provided this year’s keynote address at Shmoocon, held January 13-15 at the Washington Hilton in Washington, D.C. His talk, “Seven Things: Frank Zappa, T. Coraghassen Boyle, and 21 Years in Security,” touches upon valuable insights gleaned over McGraw’s more than 21 years in software security. It also reflects his many interests. Watch the […]

Continue Reading...

Posted in Security Conference or Event, Security Metrics, Security Training, Software Architecture and Design, Software Development Life Cycle (SDLC), Software Security Program Development | Comments Off on Gary McGraw’s Shmoocon keynote recaps security career with advice

 

Are you following the top 10 software security best practices?

While it is a common misnomer that many firms rely on, it’s never a good security strategy to simply buy the latest security tool and call it a day. Your organization may need to invest in focused employee education and tool deployment before seeing a return on investment. Software security isn’t simply plug and play. […]

Continue Reading...

Posted in Security Training, Software Development Life Cycle (SDLC), Software Security Testing | Comments Off on Are you following the top 10 software security best practices?

 

How much do bugs cost to fix during each phase of the SDLC?

A well-defined software development life cycle (SDLC) is essential to develop more reliable, bug-free software. At Synopsys, we often make the claim that it’s important to fix bugs early in the SDLC to save time and money. But how much of a cost difference does it really make to fix bugs during various SDLC phases? […]

Continue Reading...

Posted in Software Development Life Cycle (SDLC), Vulnerability Assessment | Comments Off on How much do bugs cost to fix during each phase of the SDLC?

 

New study finds static analysis and fuzz testing from Synopsys can save millions in remediation costs

By integrating testing early in the software development lifecycle, organizations may realize a high ROI. Earlier this year, Synopsys commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) case study for an organization deploying Coverity, a static code analysis solution, and Defensics, an intelligent fuzzing solution. The goal of Forrester’s independent TEI study was […]

Continue Reading...

Posted in Fuzz Testing, Software Development Life Cycle (SDLC), Static Analysis (SAST) | Comments Off on New study finds static analysis and fuzz testing from Synopsys can save millions in remediation costs