AGPL: Out of the Shadows - the Affero GPL 3 | Synopsys
Shortly after the release of GPL3, the FSF released Affero GPL 3, or AGPL. There were two philosophical camps in drafting GPL3: one that GPL3 incorporate new conditions to close the “SAAS loophole”...
Hard questions after an airline software ‘glitch’ leads to a crash | Synopsys
The parts and systems on an airplane don’t have to fail in a big way to have big consequences. A flaw in airline software could be a matter of life or death.
Agile Software Development Tricks for the Security Savvy | Synopsys
Waiting for the agile fad to pass? Agile software development is here to stay and is being adopted by organizations of all sizes.
Balancing Agility and Open Source Security for DevOps | Synopsys
Open source insight this week, lots of DevOps news including why automation is critical for securing code, as well as balancing agility with security needs.
Improper Input Flaw Affects Most Android Phones | Synopsys
Security researchers disclosed a Qualcomm flaw that may expose users' text messages, call histories, and possibly other sensitive data.
1.4 Billion Android Devices Vulnerable to Hijack Attacks | Synopsys
Roughly 80 percent of all Android devices contain a Linux vulnerability that affects unencrypted communications and allows attackers to hijack data.
Android Full-Disk Encryption Flaw May Have Been Previously Known to Google | ...
Are Android OEMs responsible for the gap in mobile security updates? | Synopsys
There may be legitimate reasons why an OEM or carrier may choose not to push out a security update for a particular type of device. Get the full story.
An OWASP interaction model | Software Integrity Blog
The OWASP board decided to support a partnership model with private industry. See how this model may work to shape existing OWASP assets.
Here Are the Top 10 Best Practices for Securing Android Apps | Synopsys
No matter what type of Android app you intend to build, consider these 10 best practices for improving the security posture of your Android mobile apps.
Up to 900 Million Android Phones Vulnerable to Qualcomm Flaw | Synopsys
Four major security holes have been disclosed affecting the Qualcomm chips in several recent, popular mobile phones.
Black Hat Europe 2017 examines Android's SafetyNet Attestation | Synopsys
Join John Kozyrakis and Collin Mulliner at Black Hat Europe 2017 to take a deep dive into Android's SafetyNet Attestation. Learn more.
Since a WebView is a browser control in an app, it invites traditional attacks associated with the web. We examine how to protect against these attacks.
AngularJS 1.6: Life Outside the Sandbox | Synopsys
If you haven't already evaluated the impact of this on your Angular code in preparation for the changes, it's high time to do so.
An Escape Room Called the “AngularJS Sandbox” | Synopsys
The AngularJS sandbox should not be considered a security boundary. Here, we'll explore why that's the case and how to protect against vulnerabilities.
Answering the most frequently asked questions about GDPR | Synopsys
What’s the definition of “personal data” under GDPR? What are the penalties for noncompliance? How can Synopsys help you along your GDPR compliance journey?
AngularJS Is Secure by Default, Right? Not So Fast. | Synopsys
While Angular adds much-needed features to the language, it also creates a handful of new problems for developers.
Recognizing Another Type of Threat: Non-targeted Attacks | Synopsys
Non-targeted attacks exploit a weakness in software and in an organization’s defenses: awareness of vulnerable components in their applications.
AngularJS Security Series Part I: Angular $http Service | Synopsys
Our goal for this AngularJS security series is simple: to help developers better understand Angular and embrace the practice of writing more secure code.
Anti-Virus Scan Shuts Down Medical Device … During a Procedure | Synopsys
A patient undergoing a routine cardiac catheterization procedure had to remain sedated 5 additional minutes while the device rebooted.
The Apache Software Foundation can take a joke, except about licensing
Generally, what the Apache Software Foundation (ASF) deems good is good for companies looking to consume open source, and what’s not is not. Their discussions are good to monitor regarding current ...
New Apache Struts 2 zero-day vulnerability: What you need to know | Synopsys
At this time, hackers are actively exploiting the critical Apache Struts 2 zero-day vulnerability and are able to take complete control of web servers. Run a scan using software composition ...
So Apache Broke Up With Facebook. How Does That Affect You? | Synopsys
Recently the Apache Software Foundation tagged the Facebook BSD+Patents license as a Category X license, the group barred from inclusion in Apache projects.
When Your Anti-Malware Program Has A Zero-Day | Synopsys
Software intended to protect your computer shouldn't be vulnerable to exploitation, yet that is what one security researcher is finding.
App security features and usability | Synopsys
Why do users feel they have to choose between security vs. performance, security vs. usability, or security vs. functionality? You don't have to choose.