Synopsys expands security signoff solution with Cigital and Codiscope acquisition

Today Synopsys signed a definitive agreement to acquire two premier security companies. Cigital, headquartered in Dulles, Virginia, is a large application security firm specializing in professional and managed services for identifying, remediating, and preventing vulnerabilities in software applications. Codiscope, headquartered in Boston, Massachusetts, is focused on security developer tools and training modules, which Cigital distributes. The two companies are strategically aligned with Synopsys, with a shared vision of building security into the software development lifecycle and across the cyber supply chain.

The cyber security landscape is becoming increasingly complex, and many organizations are struggling to determine the right software solution in the context of a multitude of point tool offerings and varying vendor strategies. This is particularly true across a broad range of industries, from enterprise and financial services, to medical devices, industrial control systems and automotive. Having a complete end-to-end solution is vital.

Cigital consultants are instrumental in guiding organizations from the earliest stages of security readiness and system maturity, which will provide an impactful addition to Synopsys’ current product-based offering. Codiscope’s developer-focused tools and training modules are important in empowering developers to prioritize security. Together, we will provide what I believe will be the most comprehensive, state-of-the-art security signoff solution available in the market.

Our Synopsys Software Integrity Platform will now include:

Best-in-class products for the software development lifecycle:

  • Static code analysis tools with the industry’s lowest false positive rate, which developers love and use to eliminate defects as the code is developed. This includes Static Application Security Testing (SAST), as well as testing for complex quality defects, covering a wide spectrum of security and safety standards such as OWASP, CWE, MISRA, CERT C, etc.
  • Fuzz testing tools to identify difficult-to-find quality and security defects through dynamic testing with out-of-the-box support for more than 250 standard protocols and file formats.
  • Software Composition Analysis (SCA) tools that identify known security vulnerabilities and license violations, analyze a wide variety of software applications, and support dozens of languages and binary formats.
  • Category-defining Interactive Application Security Testing (IAST) tools for web application security testing.
  • Automatic and on-the-fly coaching and Computer-Based Training (CBT) modules that help developers learn secure coding best practices without getting in their way.

Industry-leading professional and managed services to create and guide software security initiatives:

  • First-of-its-kind Building Security In Maturity Model (BSIMM) framework that helps compare the effectiveness of an organization’s software security initiative to the state of the art.
  • A wide array of managed and professional services offerings that help implement a software security practice, no matter where an organization is in maturing its security posture. The spectrum of offerings includes:
    • Application security testing such as SAST, DAST, mobile application testing, pen testing, etc.
    • Broad software security services such as threat modeling, architecture and design review, red teaming, etc.
    • Program development for building security initiatives with detailed roadmaps, policies, and metrics.

With this acquisition, I believe we will be able to offer one of the most comprehensive end-to-end solutions in today’s market. It will provide our customers a turnkey, scalable approach for minimizing software-related business risk, while enabling timely product releases at predictably lower cost that comply with internal and external standards. This expansion of the Software Integrity Group at Synopsys will allow our customers to effectively address critical security and quality problems early in the development process no matter where they are in their journey toward mature software security.

Read the press release here.