The latest release of Coverity by Synopsys features seamless integration with our completely rebuilt eLearning platform, an on-demand developer training solution focusing on secure coding best practices and security guidance.
On-demand developer training enables development teams
Synopsys eLearning is an outcome-driven, learner-centric training solution that makes learning about security easy, relevant, and accessible. With eLearning, learners […]
As you have no doubt heard, Spectre and Meltdown aren’t software bugs that can be fixed in a few days or weeks when a company pushes out a patch. They are part of the architecture of hardware – the chips that run your computer. And you don’t just roll out a patch for hardware. Chips […]
Black Duck by Synopsys announces OpsSight 2.0. Abbott strengthens pacemaker software against vulnerabilities. A year after disclosure, the Struts vulnerability is still a danger to thousands of companies. And the new Synopsys Security Mashup video is up. Software Integrity Insight is your resource on the cyber security and open source security news that made headlines […]
Posted in Application Security, Blockchain Security, Containers, DevOps, Medical Device Security, Static Analysis (SAST) | Comments Off on OpsSight Container Security 2.0, Integrating SAST into DevSecOps, building hacker-proof voting
Static application security testing (SAST) is the process of examining source code for security defects. SAST is one of the many checks in an application security assurance program designed to identify and mitigate security vulnerabilities early in the DevSecOps process. Integrating SAST tools into DevSecOps processes is critical to building a sustainable program. The automation […]
Written by Charles-Henri Gros, Liana Hadarean, and Mandar Satam. In the last few months, Spectre (CVE-2017-5753 and CVE-2017-5715) has emerged as a new kind of vulnerability. In the interest of helping the development community actively defend against these exploits, the Synopsys Software Integrity Group is releasing a checker that can identify code patterns that are […]
While software grows more complex and the pace of development accelerates, the stakes for building secure software have never been higher. If you’re like most teams embracing a DevOps culture, you’re focused on breaking down silos, streamlining workflows, and cranking out functional software at a nearly continuous clip. Amid all these fundamental changes, how do […]
Can Synopsys Static Analysis (Coverity) automatically ignore issues in third-party or noncritical code?
Synopsys Static Analysis (Coverity) has powerful capabilities that can find issues deep within the logic of your application’s code. If you apply third-party or open source code during your build process, Coverity might even find issues in code your team didn’t write. Often, you won’t be interested in fixing that third-party code, for a variety […]
Posted in Application Security, Software Quality, Static Analysis (SAST), Vendor Risk Management
From the moon to autonomous driving
There is a general awareness that software complexity has been growing immensely over time. Starting a few decades ago with special-purpose tasks, such as calculating equations to send a man to the moon, we are now at a stage where our world and much of our lives depend intrinsically […]
The risk of open source and third-party code
In today’s fast-paced world with rapid technological advancements, few people need any introduction to the dangers of security vulnerabilities lurking in open source and third-party code. Open source software has come a long way from being a techno-hippie dream in the late ’80s. Today, it exists nearly […]
Posted in Application Security, Open Source Security, Software Quality, Static Analysis (SAST), Vendor Risk Management | Comments Off on Triage Protecode identified security vulnerabilities with Coverity’s secure development workflow
Only when security is treated with the same importance as quality can your software’s integrity drive a proactive strategy rather than a reactive response. In addition to ensuring software quality, development teams are under increasing pressure to address software security concerns. The high-profile data breaches that continuously arise are raising awareness of security issues. Because […]
Posted in Application Security, Dynamic Analysis (DAST), Fuzz Testing, Interactive Application Security Testing (IAST), Security Training, Software Quality, Static Analysis (SAST) | Comments Off on Get the latest resource helping development teams overcome widespread challenges