Software Integrity

Today’s electronic systems are more intelligent, more connected, and more at risk than ever before. In fact, a single vulnerability can lead to widespread system-of-systems compromises. Organizations participating in security-critical industries like Aerospace and Defense are especially at risk. About this webinar: Cristopher Rommel from VDC and Joe Jarzombek from Synopsys will discuss the results […]

Last week, authorities in multiple countries served warrants to take down a Dark Web site generating a reported $600-$800 thousand a day in sales of illegal drugs and other products. The clue that led authorities to the real-world admin behind the site was a personal email address used in the site’s early days. It provided […]

Seems we all have one: that distant aunt. You know the one I’m talking about. Always dressed to the nines. Always perfectly coiffured. Every detail just so. And that tiny Jack Russell that did tricks on command, never yapped (unless told to “speak”), and was always at her side, springing up to her lap when she pulled out […]

A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other IoT devices) at risk. On Tuesday, IoT researchers at Senrio disclosed a hackable flaw they’re calling “Devil’s Ivy.” Officially known as CVE-2017-9765, the vulnerability is a stack buffer overflow that, if successfully […]

Originally posted on SecurityWeek. 1. Shift Left. 2. Test earlier in the development cycle. 3. Catch flaws in design before they become vulnerabilities. These are all maxims you hear frequently in the discussion surrounding software security. If this is not your first visit to one of my columns it is certainly not the first time […]

There is a sad reality in the software world that developer education and training not only neglect software security, but often teach developers the wrong activities to secure it. This ranges from the ‘get it to work and move on’ habit to insecure code samples in the tutorials and forums we all use when learning new […]

Black Hat USA 2017 takes place from July 22-27 at Mandalay Bay in sunny Las Vegas! What’s Synopsys up to at Black Hat USA 2017? During the event, be sure to stop by booth #1132 to pick up a t-shirt. Who doesn’t love a free t-shirt, right?! If someone from the Synopsys team spots you […]

Developing software is an art. Developing safe and secure software is not only an art, but requires a mindset that anticipates potential bugs, security vulnerabilities, and system failures. Both quality and security are hard to add to a product after its inception. It simply isn’t practical to add on to a product as quality and security […]

Bryan Sullivan, a Security Program Manager at Microsoft, called threat modeling a “cornerstone of the SDL” during a Black Hat Conference presentation. He calls it a ‘cornerstone’ because a properly executed threat model: Finds architectural and design flaws that are difficult or impossible to detect through other methods. Identifies the most ‘at-risk’ components. Helps stakeholders […]

No matter what you call it, SecDevOps, DevSecOps, or DevOpsSec, you have to build security into your continuous integration, continuous delivery, and continuous deployment pipeline. This checklist will guide you through the DevSecOps journey—as we’ll call it within this checklist—to assure that you’re integrating security into your pipeline. Here, we’re going to look at each of […]
