Software Composition Analysis Archives

Webinar: Do you know what’s in your software?

Much of today’s software is created using third-party code, and why not? After all, it’s quicker and more cost effective than building it from scratch. Using third-party software, however, comes with its own challenges. The recent State of Software Composition Analysis 2017 report explores these challenges. The report is based on the analysis of 128,782 software […]

Posted in Open Source Security, Software Composition Analysis | Comments Off on Webinar: Do you know what’s in your software?

The pros and cons of adding open source to your software

For years, free and open source software (FOSS) has a had a negative connotation, with some developers forbidden to use it in final software product releases. The obvious downside in avoiding open source is that organizations run the additional risk of introducing avoidable vulnerabilities. For example, an organization with no cryptographic experience should not be […]

Posted in Open Source Security, Software Composition Analysis | Comments Off on The pros and cons of adding open source to your software

Fault Injection Podcast .002: What’s in your software?

Fault Injection is a podcast from Synopsys that digs into software quality and security issues. This week, hosts Robert Vamosi, CISSP and Security Strategist at Synopsys, and Chris Clark, Principal Security Engineer at Synopsys, go into detail about a new report: The State of Software Composition 2017. You can always join the discussion by sending us […]

Posted in Application Security, Open Source Security, Software Composition Analysis, Vulnerability Assessment | Comments Off on Fault Injection Podcast .002: What’s in your software?

Does software quality equal software security? It depends.

Software quality and security assurance both concern risk to the organization, but they do so for different reasons. Risk might be mission critical such as software on a scientific robot crawling another planet. Or risk might be associated with sensitive financial information. In the first example the integrity of the software is paramount; it is […]

Posted in Code Review, Secure Coding Guidelines, Security Risk Assessment, Software Composition Analysis, Software Security Testing, Vulnerability Assessment | Comments Off on Does software quality equal software security? It depends.

Bug elimination: Code scanning, fuzzing, and composition analysis

When it comes to software vulnerabilities, Dr. Jared DeMott knows his stuff. Formerly a vulnerability analyst with the National Security Agency (NSA), Dr. DeMott holds his Phd. from Michigan State University. He has been on three winning DEF CON capture-the-flag (CTF) teams and talks about his vulnerability research at conferences like DerbyCon, BlackHat, ToorCon, GrrCon, […]

Posted in Application Security, Code Review, Fuzz Testing, Software Composition Analysis, Software Security Testing, Static Analysis (SAST), Web Application Security | Comments Off on Bug elimination: Code scanning, fuzzing, and composition analysis

Internet of Things (IoT): Rethinking the threat model

On February 4, 2017, a Saturday night, a high-school student in the U.K. realized he wasn’t going to university to study computer science so he wrote a short program in C, and within a few hours had 150,000 internet-connected printers across the world spitting out ASCII art and messages. All this was harmless although the […]

Posted in Internet of Things, Software Composition Analysis, Software Security Testing, Threat Modeling | Comments Off on Internet of Things (IoT): Rethinking the threat model

Ticketbleed: The next black swan

Last week a researcher disclosed a software vulnerability in a feature of the TLS/SSL stack that allowed a remote attacker to extract sensitive information. Sound familiar? In 2014, the Heartbleed vulnerability in the OpenSSL implementation of the heartbeat function in SSL affected some 600,000 websites worldwide and risked exposing passwords and other private keys. Ticketbleed, […]

Posted in Application Security, Fuzz Testing, Software Composition Analysis, Software Development Life Cycle (SDLC), Software Security Testing | Comments Off on Ticketbleed: The next black swan

Protecode SC scans over 1 million applications

On Tuesday, Protecode SC, the online software composition analysis product from Synopsys, scanned its one millionth customer submitted app. “This is a significant milestone,” said David Chartier, VP of Marketing, Synopsys Software Integrity Group. “This is a strong showing of scalability and widespread adoption of Protecode SC and of it’s ability to meet the demands […]

Posted in Code Review, Software Composition Analysis, Vulnerability Assessment | Comments Off on Protecode SC scans over 1 million applications

Discover

Products

Global Sites

Software Integrity

Semiconductor IP

Verification

Design

Silicon Engineering

Optical Solutions

All Products

Application Security Products

Application Security Services

Resources

Training & Education

Blog

Support

Software Integrity

Interface IP

Memories & Libraries

Analog IP

Processor Solutions

IP Subsystems

Security IP

Market Segments

IP Accelerated

SoC Infrastructure IP

Semiconductor IP

Verification

Solutions

Blogs

Verification

Design

Power Electronic Systems

Optical Solutions

Design

Silicon Engineering

Silicon Engineering

Products

Solutions

Industry Solutions

Technical Platforms

Solutions

Solutions

Software Integrity

Silicon Design

Support

All Services

Software Security Services

Managed Services

Program Development & Design

Training

Support

Software Security

Silicon Design Services

Support

SolvNet

Training

Silicon Design

Services

Community

SNUG

Partners

Interoperability

Academic Programs

Company Blogs

BSIMM

Community

Community

About Us

Investor Relations

Newsroom

Events

Careers

About Us

About Us

Software Integrity

Archive for the 'Software Composition Analysis' Category