Software Integrity

Archive for the 'Static Analysis (SAST)' Category

 

Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?

Synopsys Static Analysis (Coverity) has powerful capabilities that can find issues deep within the logic of your application’s code. If you apply third-party or open source code during your build process, Coverity might even find issues in code your team didn’t write. Often, you won’t be interested in fixing that third-party code, for a variety […]

Continue Reading...

Posted in Application Security, Software Quality, Static Analysis (SAST), Vendor Risk Management | No Comments »

 

Coverity: Setting the standard for better software

From the moon to autonomous driving There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically […]

Continue Reading...

Posted in Application Security, Security Standards and Compliance, Software Quality, Static Analysis (SAST) | Comments Off on Coverity: Setting the standard for better software

 

Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow

The risk of open source and third-party code In today’s fast-paced world with rapid technological advancements, few people need any introduction to the dangers of security vulnerabilities lurking in open source and third-party code. Open source software has come a long way from being a techno-hippie dream in the late ’80s. Today, it exists nearly […]

Continue Reading...

Posted in Application Security, Open Source Security, Software Quality, Static Analysis (SAST), Vendor Risk Management | Comments Off on Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow

 

Get the latest resource helping development teams overcome widespread challenges

Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]

Continue Reading...

Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST) | Comments Off on Get the latest resource helping development teams overcome widespread challenges

 

How is static analysis a productivity tool for engineering teams?

“I lost my keys. How long will it take to find them?” This is a laughable question, but it’s analogous to “How long will it take to debug this?” Developers scoff at this question as if it were an unreasonable demand, just as inexperienced project managers are shocked that a simple answer isn’t forthcoming. But […]

Continue Reading...

Posted in Application Security, Software Quality, Software Security Testing, Static Analysis (SAST) | Comments Off on How is static analysis a productivity tool for engineering teams?

 

How can SMBs maximize AppSec returns on an SMB budget?

Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees. Managing an SMB budget Many factors affect […]

Continue Reading...

Posted in Application Security, Cloud Security, Data Breach, Software Security Program Development, Static Analysis (SAST) | Comments Off on How can SMBs maximize AppSec returns on an SMB budget?

 

Synopsys named a leader in static application security testing

We’re proud to announce that Synopsys has been positioned as a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017. The in-depth report evaluates the 10 most significant vendors in static application security testing (SAST), assessing their strengths and weaknesses across 29 criteria in three categories. Synopsys Static Analysis (Coverity) is the highest-ranked […]

Continue Reading...

Posted in Application Security, Static Analysis (SAST) | Comments Off on Synopsys named a leader in static application security testing

 

Examining open source security and the road ahead in the 2017 Coverity Scan Report

Coverity Scan’s impact on open source software (OSS) is both extensive and largely unacknowledged. Since its inception, Scan has enabled developers to fix over 600,000 defects across some of the most important projects in open source. As part of that effort, it has also helped improve the maturity of the software development practices of active […]

Continue Reading...

Posted in Application Security, Open Source Security, Static Analysis (SAST) | Comments Off on Examining open source security and the road ahead in the 2017 Coverity Scan Report

 

Swift: Close to greatness in programming language design, Part 3

Welcome back Ahead of Coverity Static Analysis support for the Swift programming language, we are examining design decisions in the language from the perspective of defect patterns detectable with static analysis. Before digging into Part 3, I recommend reading Part 1 and Part 2 in this series if you have not already. Defect patterns part […]

Continue Reading...

Posted in Application Security, Static Analysis (SAST), Vulnerability Assessment | Comments Off on Swift: Close to greatness in programming language design, Part 3

 

Swift: Close to greatness in programming language design, Part 2

Ahead of Coverity Static Analysis support for the Swift programming language, we are examining design decisions in the language from the perspective of defect patterns detectable with static analysis. To kick things off, I recommend reading Part 1 in this series if you have not already. Defect patterns continued: More basics Now we consider additional […]

Continue Reading...

Posted in Application Security, Static Analysis (SAST), Vulnerability Assessment | Comments Off on Swift: Close to greatness in programming language design, Part 2