How to avoid the top 10 software security flaws | Synopsys
Half of all software security defects are design flaws, not bugs. Here are 10 do’s and don’ts to help you avoid the most common software security flaws.
Avoiding False Positives in Application Security Testing | Synopsys
With an increase in tool-based scans throughout the security industry, it's even more challenging to identify the right issues and reduce false positives.
Don’t let AppSec tool overload slow down your development | Synopsys
Application security testing tools help developers understand security concerns, but having too many tools can do more harm than good.
Backdoor Found In Government AV Equipment | Synopsys
A supplier for audio-visual equipment to the US federal government issued an update to its products that removed a potential backdoor vulnerability.
Bad security habits (5 things you should stop doing right now) | Synopsys
Security awareness training teaches us not to reveal personally identifiable information to social engineers. Here are 5 bad security habits to break now.
Badlock bug early notice on website draws criticism | Synopsys
The Badlock bug website went live three weeks ahead of full disclosure and software updates. But some practitioners question the need for the early notice.
Bad Signal gets quick fix | Synopsys
It looked like a bright spot in a gloomy week for the encrypted messaging app Signal. And it was, in fact, a positive thing—a patch for a serious XSS vulnerability that the company made available ...
Badness-ometers are good. Do you own one? | Synopsys
Badness-ometers, or black box application security testing tools, are good. But you have to do more than just fix the code issues your badness-ometers find.
So, You Want to Be a Data Protection Officer | Synopsys
The GDPR requires many companies that handle personal data of EU citizens to appoint either an employee or contractor to be their Data Protection Officer.
What it takes to be an open source rookie | Synopsys
In our Open Source Rookies of the Year report, we honor the most innovative, influential open source projects released to the community the previous year.
Beware the Beerware License (and other open source licenses) | Synopsys
Many companies are relaxed about reusing software under the Beerware License and similar open source licenses. But not all such licenses are created equal.
Behshad Rejai on the past and future of software development | Synopsys
With 36 years of experience, Behshad Rejai, VP of engineering in the Software Integrity Group, shares her views of the future of software development.
Behavioral security at RSA Conference 2018 | Synopsys
We all know we can’t escape our genes. Turns out we can’t escape our behavior either. It’s hardwired into all of us, to the point that with the data analytics enabled by machine learning (ML), it’s...
How to benchmark your software security strategies | Synopsys
Evaluating the progress of your software security journey is essential, but it can be a challenge. Consider these 10 strategic benchmarking tips.
Benefits of Code Scanning for Code Review | Synopsys
Using code scanning tools to review code helps developers identify the simple and recurring problems introduced as they write code.
The Best Way to Secure Applications in 2018? Learn from 2017 | Synopsys
What a turbulent year in application security! How can we learn to best secure applications in 2018? Let's look at the data and security breaches of 2017.
Cybersecurity Executive Order requires new software security standards | ...
President Biden's Cybersecurity Executive Order requires new software security standards and best practices. Learn what you can do to prepare now.
Biden's cyber security strategy in the first 100 days | Synopsys
Cyber security experts weigh in on what we’ve learned about President Biden’s cyber security strategy in his first 100 days in office.
Opinion: The biggest cyber security threats for 2020 | Synopsys
What are the biggest cyber security threats in 2020? We asked some experts, who warned us about insider threats, disinformation, privacy, IoT, 5G, and more.
The biggest data breaches from 2015 that will live in infamy | Synopsys
Join us as we explore three of the biggest data breaches from 2015, why they happened, and what you can do to protect your organization in 2016 and beyond.
Lessons learned from the biggest data breaches of 2016 | Synopsys
These aren’t the only data breaches from 2016, but they are some of the biggest, and they highlight what attack vectors to watch out for in the future.
The biggest data breaches in 2017: What they mean for 2018 | Synopsys
More vulnerabilities were publicly disclosed in 2017 than ever before. What do the biggest data breaches from 2017 say about the future of cyber security?
Better IoT security depends on consumers and manufacturers | Synopsys
Better IoT security requires a change in consumer culture and habits. But manufacturers should be doing more as well, with better guidance from government.
Binary code analysis without access to source code | Synopsys
Binary code analysis tools are essential when you don’t have access to a build environment or source code. Here are some use cases for scanning binary code.
BinAuthz webinar: Black Duck in the software signing process | Synopsys
In our BinAuthz webinar, Sandra Guo (Google) and Tomas Gonzalez (Synopsys) explain Black Duck’s role in the software signing process. Available on demand.
Biggest data breaches in 2019: A list of 6 of the worst | Synopsys
How do you evaluate the impact of a data breach? Here are six of the biggest data breaches in 2019 in terms of millions, even billions, of people affected.
Black Duck Audit reports: Better open source visibility for M&A | Synopsys
Black Duck Audit reports help you understand your license compliance, software security, code quality, and web services risks—and now they’re even better.
Black Duck 4.5 updates: Roles, licenses, and code snippets | Synopsys
In Black Duck 4.5, we've improved the functions and controls used by development and security teams to create the most effective SCA tool for the job.
Black Duck Audits and Synopsys: Running the walk | Synopsys
Synopsys offers a range of software security services that go beyond open source. These offer Black Duck Audit customers better due diligence service.
Black Duck Binary Analysis scans over 1 million applications | Synopsys
Black Duck Binary Analysis has now scanned over a million apps. Learn how binary analysis helps you detect potential time bombs hidden in your software.
Black Duck continues to expand vulnerability prioritization methods | Synopsys
Today’s release of Black Duck adds vulnerability impact analysis, which indicates whether your application executes vulnerable code. Let’s look at how this addition further augments your ...
Introducing Black Duck for Google Cloud Build | Synopsys
To support the launch of Binary Authorization, we’re releasing Black Duck for Google Cloud Build to help ensure your images are free of policy violations.
Black Duck and Google Grafeas: Improving container visibility and security | ...
We've been working with Google on testing and development of the Google Grafeas API, improving visibility into open source vulns in production environments.
Introducing the Black Duck Jira Cloud integration | Synopsys
The Black Duck Jira Cloud integration is based on a flexible, customizable model, backed by the same exemplary Black Duck software composition product.
Everything you need to know about Black Duck Security Advisories
When we released Black Duck Hub 4.4, we announced our own Black Duck Security Advisories, a more complete and in-depth view of your vulnerabilities. Learn more about Black Duck Hub's detailed ...
Black Duck Brings Open Source Vulnerability Detection to Kubernetes | Synopsys
Black Duck OpsSight for Kubernetes helps organizations scan and monitor for newly discovered vulnerabilities in their production environments.
Using Black Duck to scan Red Hat Quay container images | Synopsys
The Black Duck Connector for OpenShift, which identifies and tags open source components, can now scan Red Hat Quay container registry images via a webhook.
Get actionable insights from Black Duck Security Advisories | Synopsys
Identifying security vulnerabilities is only half the battle. To remediate and prioritize them, you need Black Duck Security Advisories.
Black Duck Audits at Synopsys: Our kind of company | Synopsys
The core values at Synopsys really tell the story of what a great home it is for Black Duck overall and the software audit business in particular.
Black Friday advice for retailers and shoppers: Up your cyber security | ...
We’ve got some Black Friday advice for retailers and shoppers who want to keep everyone’s data safe and secure, for a truly happy holiday season.
Black Friday and Cyber Monday security concerns | Synopsys
Ahead of the upcoming shopping season, we’re spreading awareness of potential Black Friday and Cyber Monday security concerns affecting people who shop and sell online.
Can blockchain and the BTC license fund health insurance? | Synopsys
The permissive BTC license employs blockchain and may signal a new trend that could transform the way many developers work.
Blockchain security best practices based on software security | Synopsys
With huge amounts of money being invested in blockchain software, the community must establish blockchain security best practices for emerging platforms.
Blockchain application security and the cryptocurrency boom | Synopsys
From the distributed network to the individuals who use cryptocurrency wallets to transfer or spend Bitcoin, application security is key to prevent theft.
Blockchain security theory and the cryptocurrency boom | Synopsys
Early adoption of technology carries risk, hence the natural inclination to question blockchain security and its potential for cyber attack.
BlueBorne Bluetooth flaws, impact, and mitigation | Synopsys
As of Sept. 12, 2017, much of the code vulnerable to BlueBorne Bluetooth attacks remains unpatched. Learn what you can do to secure your code.
Is breach of the GPL license breach of contract? | Synopsys
Read our analysis of the case of Artifex Software, Inc., v. Hancom, Inc., settled out of court, regarding breach of the GPL license and breach of contract.
Breach in healthcare data: One step too far | Synopsys
Will the emotional aspect make the Anthem breach a milestone breach in the IT Security historical narrative? Time will tell.
How to break car kits with Bluetooth fuzz testing | Synopsys
How do you find vulnerabilities and issues in Bluetooth-enabled devices? One of our favorite methods is fuzzing. Learn how to fuzz test Bluetooth car kits.
Who are BSIMM participants? BSIMM10 infographic (PDF) | Synopsys
How many BSIMM participants have a software security group? How many think it’s key to their success? How many people are in the average SSG? Get the facts.