Software Integrity Blog

Archive for the 'Software Security Initiative (SSI)' Category


GovWare 2018 survey: Challenges include resources and open source use

In September 2018, Synopsys Software Integrity Group, Asia Pacific, participated in the 27th edition of GovernmentWare. The GovWare conference anchors Singapore International Cyber Week, which promotes the development and innovation of the cyber ecosystem through international and regional collaboration and cooperation. SICW draws thousands of cyber security practitioners from around the world, and this year […]

Posted in Events, Software Security Initiative (SSI)


BSIMM9: Hot off the presses and better than ever

Have you heard of the BSIMM? If you have, you know it’s the best way to measure your software security initiative (SSI) year after year to see how it’s evolving and how you compare to your peers. If you haven’t, you’re in luck: The latest version is out now, and it’s notably different from last […]

Posted in Maturity Model (BSIMM), Software Security Initiative (SSI)


Hacking Security Episode 2: The 4 CISO tribes

Hacking Security is a monthly podcast on emerging trends in application security. Episode 2 explores the four tribes described in the CISO Report. Listen now.

Posted in Hacking Security, Podcasts, Software Security Initiative (SSI)


Open source security report, Serious XSS vulnerabilities, and ICS attack vectors

Taylor Armerding, Synopsys Software Integrity Group senior strategist, gives you the scoop on application security and insecurity in this week’s Security Mashup episode. 41% of cyber-security apps contain high-risk open source vulnerabilities (via Davey Winder, author, SC Magazine): The 2018 Open Source Security and Risk Analysis Report, the latest in a series of annual […]

Posted in Open Source Security, Software Security Initiative (SSI), Weekly Security Mashup


RSA 2018 recap: Detecting vulnerabilities and avoiding snake oil

With RSA 2018 behind us, a recap is in order. For any readers who have never attended the RSA Conference (RSA) in North America, it’s worth setting the stage. For practical purposes, RSA is the premier technology security conference. There are tens of thousands of attendees, well over a dozen conference tracks, and the show […]

Posted in Software Architecture and Design, Software Security Initiative (SSI), Webinars


Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?

Synopsys Static Analysis (Coverity) has powerful capabilities that can find issues deep within the logic of your application’s code. If you pull third-party or open source code into your build process, Coverity might even find issues in code your team didn’t write. Often, you won’t be interested in fixing that third-party code, for a variety of […]

Posted in Software Security Initiative (SSI), Static Analysis (SAST)


Triage open source vulnerabilities in Coverity Connect

We’ve listened to customer needs and pain points: Developers need a way to triage open source vulnerabilities within the application security tools they’re already using. That’s why we’ve established best practices and a secure development workflow integrating Black Duck Binary Analysis and Coverity Connect. The risk of open source and third-party code: In today’s fast-paced […]

Posted in Open Source Security, Software Security Initiative (SSI), Static Analysis (SAST)


How can SMBs maximize AppSec returns on an SMB budget?

Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees. Managing an SMB budget: Many factors affect […]

Posted in Cloud Security, Data Breach, Software Security Initiative (SSI), Static Analysis (SAST)


PayPal uncovers TIO Networks data breach affecting 1.6 million users

In July 2017, PayPal completed its acquisition of TIO Networks for $238 million. TIO Networks, a multichannel payment processor, serves over 16 million consumer bill pay accounts and offers solutions for payment services to financially underserved consumers and consumer services. Fast-forward to Nov. 10, 2017, when PayPal announced the suspension of TIO Networks’ operations due […]

Posted in Data Breach, Software Security Initiative (SSI)


Why do companies need a software security program?

The information technology sector is one of the world’s fastest growing industries. In fact, software and software products are evolving many times faster than software security is. In an age of cybercrime, some of the most widespread cyber-based crimes include: Stealing information via […]

Posted in Data Breach, Software Security Initiative (SSI)