In the 2022 Gartner® Magic QuadrantTM for Application Security Testing, Synopsys placed highest and farthest right for the fourth consecutive year for our Ability to Execute and our Completeness of Vision.
Leadership is a funny thing. It’s often difficult to define in the abstract but easy to identify in practice. At Synopsys, we believe leadership comes from dedication and devotion to a purpose beyond ourselves. It’s an approach we take seriously and apply on behalf of our customers every day. In our case, that means helping organizations build trust in their software by enabling them to manage application security, quality, and compliance risks at the speed their business demands.
This is why I’m proud to report that for the sixth consecutive year, Gartner has positioned Synopsys as a Leader in the Magic Quadrant for Application Security Testing (AST). And for the fourth consecutive year, Synopsys is placed highest and farthest right for our Ability to Execute and our Completeness of Vision.
We believe this continued recognition from Gartner reflects our commitment to building trust in software and to helping our customers succeed by bridging the gap between development and security and enabling their developers to move faster—and, ultimately, to protect their bottom lines by managing software risk.
For our customers, speed to market is the name of the game—but so is reliability, security, and trust. Whether they are selling software directly or relying on it to run their operations, our customers’ ability to innovate and deliver value is powered by secure, reliable software.
We continue to invest heavily in ensuring that our customers can deliver software their users trust.
Last June, we acquired Code Dx®, the provider of an award-winning application security risk management solution that automates and accelerates the aggregation, correlation, deduplication, and prioritization of software vulnerabilities from Synopsys and third-party vendors alike. Code Dx provides consolidated risk reporting that creates a system of record for security testing and enables actionable insight into software risk across the organization.
Last July, Synopsys announced the availability of new rapid scan capabilities within Coverity® static application security testing (SAST) and Black Duck® software composition analysis (SCA) solutions. The rapid scan features provide fast, lightweight vulnerability detection for both proprietary and open source code, and they are optimized for the early stages of the software development life cycle (SDLC), particularly for cloud-native applications and infrastructure-as-code (IaC) files.
Last October, we also enhanced Black Duck to address customers’ emerging needs around securing their software supply chains. The enhancements enable Black Duck customers to produce a software Bill of Materials in the standardized SPDX 2.2 format approved by the National Institute of Standards and Technology, a necessary capability for software vendors to comply with Executive Order 14028.
In February of this year, Synopsys announced the general availability of Code Sight™ Standard Edition, a standalone version of the Code Sight plugin for integrated development environments. The new version enables developers to find and fix security defects quickly in source code, open source dependencies, and IaC files, before committing their code.
These investments are a continuation and evolution of traditional application security (AppSec). They are enabling a new generation of AppSec, one that provides intelligent, context-aware risk management.
We believe that the future of trusted software isn’t based solely on integrating and automating AST tools. It’s about intelligently running the right tests at the right time and giving teams the ability to focus on the issues that matter most to their business. This is the genesis behind our Intelligent Orchestration solution, which we launched last spring. Intelligent Orchestration runs only the tests our customers need, when they need them, and then filters results based on risk, so their developers can achieve maximal impact at minimal cost.
Underlying our innovation and focus on next-gen AppSec solutions is our comprehensive suite of security tools and services.
The strength of our portfolio comes through in two dimensions.
Synopsys is more committed than ever to helping our customers succeed in building trust in their software at the speed their business demands, so they can turn software security from a productivity inhibitor into a business enabler and competitive advantage.
We will continue to provide market-leading solutions that enable our customers to address the security of everything that goes into their software, decrease risk without jeopardizing their digital transformations or delaying their product releases, and align their people, processes, and technology to address software risk across their organizations and at every stage of their development life cycles.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Jason Schmitt is the general manager of the Software Integrity Group at Synopsys. He is a seasoned leader with a proven track record of deep technical knowledge, product development, insight into emerging and rapidly changing cybersecurity challenges, and go-to-market strategy and implementation. He brings more than 20 years of experience in security and enterprise product development and management. Prior to Synopsys, Jason served as the CEO of cloud security startup Aporeto, and vice president and general manager of Fortify and ArcSight at Hewlett Packard. Jason is a Louisiana native, who completed his bachelor's degree in Mechanical Engineering and master's degree in Computer Science at the Georgia Institute of Technology, and his MBA at Georgia State University’s J. Mack Robinson College of Business.