close search bar

Sorry, not available in this language yet

close language selection

Synopsys expands security signoff solution with Cigital and Codiscope acquisition

Synopsys Editorial Team

Nov 05, 2016 / 2 min read

Table of Contents

Today Synopsys signed a definitive agreement to acquire two premier security companies. Cigital, headquartered in Dulles, Virginia, is a large application security firm specializing in professional and managed services for identifying, remediating, and preventing vulnerabilities in software applications. Codiscope, headquartered in Boston, Massachusetts, is focused on security developer tools and training modules, which Cigital distributes. The two companies are strategically aligned with Synopsys, with a shared vision of building security into the software development life cycle and across the cyber supply chain.

The cyber security landscape is becoming increasingly complex, and many organizations are struggling to determine the right software solution in the context of a multitude of point tool offerings and varying vendor strategies. This is particularly true across a broad range of industries, from enterprise and financial services, to medical devices, industrial control systems, and automotive. Having a complete end-to-end solution is vital.

Cigital consultants are instrumental in guiding organizations from the earliest stages of security readiness and system maturity, which will provide an impactful addition to Synopsys' current product-based offering. Codiscope's developer-focused tools and training modules are important in empowering developers to prioritize security. Together, we will provide what I believe will be the most comprehensive, state-of-the-art security signoff solution available in the market.

Our Synopsys Software Integrity Platform will now include:

Best-in-class products for the software development life cycle

  • Static code analysis tools with the industry's lowest false-positive rate, which developers love and use to eliminate defects as the code is developed. This includes static application security testing (SAST), as well as testing for complex quality defects, covering a wide spectrum of security and safety standards such as OWASP Top 10CWE Top 25, MISRA, and CERT C.
  • Fuzz testing tools to identify difficult-to-find quality and security defects through dynamic testing with out-of-the-box support for more than 250 standard protocols and file formats.
  • Software composition analysis (SCA) tools to identify known security vulnerabilities and license violations that can analyze a wide variety of software applications and support dozens of languages and binary formats.
  • Category-defining interactive application security testing (IAST) tools for web application security testing.
  • Automatic and on-the-fly coaching and computer-based training modules that help developers learn secure coding best practices without getting in their way.

Industry-leading professional and managed services to create and guide software security initiatives

  • First-of-its-kind Building Security In Maturity Model (BSIMM) framework that helps compare the effectiveness of an organization's software security initiative to the state of the art.
  • A wide array of managed and professional services offerings that help implement a software security practice, no matter where an organization is in maturing its security posture. The spectrum of offerings includes:
    • Managed application security testing such as SAST, DAST, mobile application testing, and pen testing.
    • Broad software security services such as thread modeling, architecture and design review, and red teaming.
    • Program development for building security initiatives with detailed roadmaps, policies, and metrics.

With this acquisition, I believe we will be able to offer one of the most comprehensive end-to-end solutions in today's market. It will provide our customers a turnkey, scalable approach for minimizing software-related business risk, while enabling timely product releases at predictably lower cost that comply with internal and external standards. This expansion of the Software Integrity Group at Synopsys will allow our customers to effectively address critical security and quality problems early in the development process no matter where they are in their journey toward mature software security.

Read the press release

Continue Reading

Introducing fAST Dynamic: Streamlining dynamic application security testing

Introducing fAST Dynamic: Streamlining dynamic application security testing

Vishrut Iyengar
By Vishrut Iyengar

Mar 19, 2024 / 3 min read

Tags: DAST, Software Integrity, Security News & Trends, Build Security into DevOps
CVE-2017-5638: The Apache Struts vulnerability explained

CVE-2017-5638: The Apache Struts vulnerability explained

Fred Bals
By Fred Bals

Mar 16, 2024 / 3 min read

Tags: Software Integrity, Security News & Trends, Secure the Software Supply Chain
2024 OSSRA Report: Outdated code risk in open source components

2024 OSSRA Report: Outdated code risk in open source components

Fred Bals
By Fred Bals

Mar 06, 2024 / 4 min read

Tags: Software Integrity, Security News & Trends, Secure the Software Supply Chain, Manage Security Risks

Explore Topics

Agile, CI/CD
AppSec Best Practices
Artificial Intelligence
Automotive
Build Security into DevOps
Cloud Security
Compliance
Container Security
CyRC
DevSecOps
DAST
Financial Services
Fuzzing
Healthcare
IAST
Internet of Things
M&A
Manage Security Risks
Medical Devices
Mobile
Orchestration & Correlation
OSS License Compliance
Pen Testing
Program Strategy & Planning
Public Sector
SAST
SCA
Secure the Software Supply Chain
Security News & Trends
Threat Modeling
Threat & Risk Assessment
Training
Web Application Security