
Synopsys Software Integrity Group
- Comments: Google Playstore to add privacy information for all Android applications by Q1 2022
  Comments by: Jonathan Knudsen, Senior Security Strategist, at Synopsys Software Integrity Group
  Running an app store is incredibly difficult. At its root, the problem is to make sure apps do what they claim to do, and don’t do anything bad. But defining “bad” is hard, and figuring out what apps…
- Comments: 2 zero-day vulnerabilities reported by Apple: Hackers can compromise fully patched devices – Synopsys
  Comments by: Jonathan Knudsen, Senior Security Strategist, at Synopsys Software Integrity Group
  Recent zero-day vulnerabilities in Apple’s iOS are a stark reminder of the complexity of software security. First, software is made of many smaller pieces, which are often open source components. In the case of iOS, the vulnerable component was WebKit. Most…
- Comments: 25 security flaws found in IoT and OT devices – Synopsys
  Comments by: Boris Cipot, Senior Security Engineer, at Synopsys Software Integrity Group
  For many of us, IoT still feels like the technology of the future. However, we have in fact already adopted this technology, knowingly or unknowingly, and we are using it in our everyday lives. Heating regulators, cameras, doorbells,…
- Synopsys Study Shows Uptick in Vulnerable, Outdated, and Abandoned Open Source Components in Commercial Software
  Synopsys, Inc. has released the 2021 Open Source Security and Risk Analysis (OSSRA) report. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,500 audits of commercial codebases, performed by the Black Duck® Audit Services team. The report highlights trends in open source usage within commercial applications…
- Comments: Facebook leak of 533 million records – Synopsys
  Comments by: Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group
  Attackers define the rules of their attack, and increasingly they are operating just like businesses. But just like any business, there is nothing to say that they too can’t be hacked and their data stolen. When your primary asset…
- Hacking medical devices: Five ways to inoculate yourself from attacks
  By: Chandu Ketkar, Principal Security Consultant, at Synopsys Software Integrity Group
  It’s vital that healthcare companies follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to — especially during a pandemic. The COVID-19 pandemic has increased the number of medical devices used…
- The US government may mandate software vendors to disclose breaches under new order – Synopsys
  Comments by: Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group
  The proposed Executive Order outlines several steps in the right direction in the battle against cyber-crime. First and foremost, it recognises that there is no possible way to patch something you don’t know you’re exposed to. This is critical when…
- How to evaluate the ROI of your software security program
  By: Taylor Armerding, Software Security Expert, at Synopsys Software Integrity Group
  A common declaration at security conferences is that if organisations invest in software security, it will pay dividends. Indeed, “investment” implies a dividend. You put money, time, and effort into something — the bank, a stock, an exercise program,…
- DevSecOps: The good, the bad, and the ugly
  By: Nivedita Murthy, Senior Security Consultant, at Synopsys Software Integrity Group
  DevSecOps is the practice of integrating security into every stage of the DevOps pipeline. It unites development activities, operations support, and security checks, and coordinates the teams involved in the software development life cycle (SDLC). The synergy between the…
- Don’t get overwhelmed with trivial defects. Manage them!
  By: Taylor Armerding, Software Security Expert, at Synopsys Software Integrity Group
  If those tools aren’t used correctly, at the right time, and in the right way, they can flag an overwhelming number of potential vulnerabilities, many of them insignificant or irrelevant to a particular project. And that can frustrate development…
