Software Integrity


The journey has just begun: Software quality meets software security


The journey has just begun: Software quality meets software security

Born out of the acquisition of various security and quality-focused organizations, Synopsys Software Integrity Group’s journey is just getting started. Founded in 1986, Synopsys rose to prominence with their advances in the Electronic Design Automation industry. As you can see from the graphic above, Synopsys made their move into the security and quality space with their acquisition of Coverity in 2014. This investment continues to thrive as it has evolved into Synopsys’ Comprehensive Static Analysis tooling solution.

The following year, in 2015, Synopsys acquired Codenomicon, Seeker, and Protecode. Codenomicon brought Defensics, an important part of Synopsys’ Fuzz Testing solution. It was also used to identify the OpenSSL Heartbleed vulnerability.

Seeker has become part of Synopsys’ Interactive Application Security Testing (IAST) solution. It verifies every identified vulnerability to ensure it’s real and exploitable. It also discovers complex vulnerabilities and logic flaws that aren’t detectable via other technologies and tooling approaches.

Protecode introduced an important piece of Synopsys’ Software Composition Analysis offering with automated tooling enabling organizations to audit open source software compliance, vulnerabilities in 3rd party code, and more.

Next, in 2016, Synopsys acquired its most recent investments: Cigital and Codiscope. Cigital introduced a powerful Professional Services team in addition to the Managed Services capabilities at Synopsys. From in-depth manual application testing and penetration testing, to closing testing gaps and conducting tests at any depth, these managed and professional services offer elasticity, versatility, and comprehensive testing.

To add onto the established comprehensive static analysis solution, Codiscope introduces a preventative tooling approach. Codiscope’s SecureAssist established Synopsys’ Preventative Static Analysis solution. It’s a lightweight static analysis tool that automatically detects common application vulnerabilities as developers code. It also offers practical remediation guidance and training so developers can fix each issue before it leaves their work station.

Synopsys Software Integrity Platform

Together these solutions create the Synopsys Software Integrity Platform. Our investments come together to ensure the security and quality of the applications that power your business.

Download infographic


More by this author