
Synopsys Software Integrity Group
-

Comments by: Jonathan Knudsen, Senior Security Strategist, at Synopsys Software Integrity Group

Running an app store is incredibly difficult. At its root, the problem is to make sure apps do what they claim to do, and don’t do anything bad. But defining “bad” is hard, and figuring out what apps really do is very hard…
-

Comments by: Jonathan Knudsen, Senior Security Strategist, at Synopsys Software Integrity Group

Recent zero-day vulnerabilities in Apple’s iOS are a stark reminder of the complexity of software security. First, software is made of many smaller pieces, which are often open source components. In the case of iOS, the vulnerable component was WebKit. Most software products have hundreds, sometimes…
-

Comments by: Boris Cipot, Senior Security Engineer, at Synopsys Software Integrity Group

For many of us, IoT still feels like the technology of the future. However, we have in fact already adopted this technology, knowingly or unknowingly, and we are using it in our everyday lives. Heating regulators, cameras, doorbells, television sets, radios, watches, headphones,…
-

Synopsys, Inc. has released the 2021 Open Source Security and Risk Analysis (OSSRA) report. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,500 audits of commercial codebases, performed by the Black Duck® Audit Services team. The report highlights trends in open source usage within commercial applications and provides insights to help…
-

Comments by: Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group

Attackers define the rules of their attack, and increasingly they are operating just like businesses. But just like any business, there is nothing to say that they too can’t be hacked and their data stolen. When your primary asset is data, that asset is…
-

By: Chandu Ketkar, Principal Security Consultant, at Synopsys Software Integrity Group

It’s vital that healthcare companies follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to — especially during a pandemic. The COVID-19 pandemic has increased the number of medical devices used at home, so ensuring the…
-

Comments by: Tim Mackey, Principal Security Strategist, Synopsys Software Integrity Group

The proposed Executive Order outlines several steps in the right direction in the battle against cyber-crime. First and foremost, it recognises that there is no possible way to patch something you don’t know you’re exposed to. This is critical when you recognise that the days…
-

By: Taylor Armerding, Software Security Expert, at Synopsys Software Integrity Group

A common declaration at security conferences is that if organisations invest in software security, it will pay dividends. Indeed, “investment” implies a dividend. You put money, time, and effort into something — the bank, a stock, an exercise program, an education — with the…
-

By: Nivedita Murthy, Senior Security Consultant, at Synopsys Software Integrity Group

DevSecOps is the practice of integrating security into every stage of the DevOps pipeline. It unites development activities, operations support, and security checks, and coordinates the teams involved in the software development life cycle (SDLC). The synergy between the teams is helped by automation.…
-

By: Taylor Armerding, Software Security Expert, at Synopsys Software Integrity Group

If those tools aren’t used correctly, at the right time, and in the right way, they can flag an overwhelming number of potential vulnerabilities, many of them insignificant or irrelevant to a particular project. And that can frustrate development teams to the point that…
