Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam. In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. In the interest of helping the development community actively defend against these exploits, the Synopsys Software Integrity Group is releasing a checker that can identify code patterns that are […]
While software grows more complex and the pace of development accelerates, the stakes for building secure software have never been higher. If you’re like most teams embracing a DevOps culture, you’re focused on breaking down silos, streamlining workflows, and cranking out functional software at a nearly continuous clip. Amid all these fundamental changes, how do […]
Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?
Synopsys Static Analysis (Coverity) has powerful capabilities that can find issues deep within the logic of your application’s code. If you apply third-party or open source code during your build process, Coverity might even find issues in code your team didn’t write. Often, you won’t be interested in fixing that third-party code, for a variety […]
From the moon to autonomous driving
There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically […]
Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow
The risk of open source and third-party code
In today’s fast-paced world with rapid technological advancements, few people need any introduction to the dangers of security vulnerabilities lurking in open source and third-party code. Open source software has come a long way from being a techno-hippie dream in the late ’80s. Today, it exists nearly […]
Get the latest resource helping development teams overcome widespread challenges
Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]
“I lost my keys. How long will it take to find them?” This is a laughable question, but it’s analogous to “How long will it take to debug this?” Developers scoff at this question as if it were an unreasonable demand, just as inexperienced project managers are shocked that a simple answer isn’t forthcoming. But […]
Small and medium-size businesses (SMBs) are nonsubsidiary, independent firms that employ fewer than a given number of employees. This number varies from country to country: Gartner defines an SMB as having fewer than 1,000 employees, but the European Union defines an SMB as having fewer than 250 employees.
Managing an SMB budget
Many factors affect […]
We’re proud to announce that Synopsys has been positioned as a leader in The Forrester Wave™: Static Application Security Testing, Q4 2017. The in-depth report evaluates the 10 most significant vendors in static application security testing (SAST), assessing their strengths and weaknesses across 29 criteria in three categories. Synopsys Static Analysis (Coverity) is the highest-ranked […]
Coverity Scan’s impact on open source software (OSS) is both extensive and largely unacknowledged. Since its inception, Scan has enabled developers to fix over 600,000 defects across some of the most important projects in open source. As part of that effort, it has also helped improve the maturity of the software development practices of active […]