The BSIMM: 5 key steps to a better software security initiative | Synopsys
The goal of an SSI is to improve security at every stage of the journey. Start and/or improve your SSIs today with these key steps observed in BSIMM11.
BSIMM11 tracks top trends in market activity | Synopsys
Measure and improve your software security initiative using the four key market activity trends observed in the new BSIMM11 report.
Bug bounty programs: A good security tool, but not the only tool | Synopsys
Bug bounty programs are becoming more popular. Do they work? What are the pitfalls of crowdsourcing application security testing? Our experts weigh in.
BSIMM11: Track the cutting edge of software security initiatives | Synopsys
BSIMM11 gathers research on software security activities from real-life firms to create a guide to help you navigate your software security initiative.
Bug elimination: Code scanning, fuzzing, and composition analysis | Synopsys
This three-part tutorial, produced by Synopsys, is loosely based on a training course that Dr. DeMott gave at Black Hat USA in 2016.
3 ways to build a recruiting culture in the AppSec industry | Synopsys
When we acknowledge how we grew our careers, we often think about those great mentors, managers, and companies that gave us the opportunity to shine.
Why you need to build AppSec into your DevOps process | Synopsys
To leverage open source in application development safely, you need to build AppSec into your DevOps process, including use of open source components.
A Spell Check Equivalent for Building Security In | Synopsys
The concept of spell check is intriguing when considered in the context of security. Learn how tools can train developers and build security into software.
Building A Browser Extension? Be Careful Not To Accidentally XSS the Whole ...
Building meaningful security metrics | Synopsys
Many people in security disciplines are looking to metrics as a way to demonstrate the efficacy of their efforts and show continuous process improvement.
Building Standout Projects with the Open Source Community | Synopsys
With free options available for using, evaluating and contributing to open source projects, improving the quality of community projects has become easier. Are you a contributing member of the open ...
Building security into IoT software development | Synopsys
The Internet of Things (IoT) will create a software development surge unprecedented in scope and reach. And building security into IoT devices is crucial.
BURP's proxy tool and the case of the missing cipher suites | Synopsys
As I began sorting through several of the issues, I stumbled across one that read “BURP proxy tool missing cipher suites.” Here's how to resolve the issue.
Busting the SQL stored procedure myth | Synopsys
One of the commonly proposed remedies for SQL Injection is to use SQL stored procedures. It's time to replace myth with the facts.
Business logic: High frequency trading's security lessons | Synopsys
Building security in means not only preventing vulnerabilities but also accounting for misuse/abuses appropriate to a system's business functions.
Security Architecture & Design Knowledge | Synopsys
Read how a few steps can help develop your security architecture practice with smart architects who shepherd apps through design.
California password law: Better passwords won't help much | Synopsys
The new California password law demonstrates lawmakers' misunderstanding of how connected devices work, how the internet works, and even how passwords work.
Cardiac patient data at risk, Philips reports | Synopsys
Philips notified government agencies so that all users were warned about a risk to cardiac patient data and could take defensive measures. The notification came earlier this month after it ...
Developer enablement: Moving beyond 'moving left' | Synopsys
We're currently seeing a recalibration of the developer's role in software security. We are about to see a new wave of what I call developer enablement.
Security Vulnerabilities Cathedral vs. Bazaar | Synopsys
The debate about how to find software security vulnerabilities is the classic duality between the Cathedral and the Bazaar method of software development.
Chain Heist and blockchain security at DEF CON 2019 | Synopsys
Chain Heist, our blockchain capture-the-flag at DEF CON 2019, showed that vulnerability detection tooling for blockchain security still has a way to go.
A CISO’s guide to sensitive data protection | Synopsys
As companies become more digitized, they must take appropriate steps in their application security processes to ensure data protection.
Celebrating freedom with free beer and open source software | Synopsys
Freedom is central to American culture. So the Fourth of July is also a great time to celebrate the four freedoms of FOSS (free and open source software).
Open source for lawyers: The challenges of open source use | Synopsys
Open source is widespread because it’s easy to use. But it comes with unique security challenges, and poor open source management can be a costly liability.
CISO Strategies for Overcoming Weak Organizational Trust | Synopsys
Here are 5 CISO strategies to overcome weak organizational trust and become a highly effective security leader within your firm.
Closing the gender gap in today’s tech industry | Synopsys
There’s a history of gender inequality in the workforce, and the tech industry is no exception. Here are four ways to help address it.
Closing the CVE gap still a work in progress | Synopsys
It’s hard to think of a better security concept than the CVE (Common Vulnerabilities and Exposures) program. It amounts to crowdsourcing security.
The security implications of the Hillary Clinton email scandal | Synopsys
Far beyond politics, the Clinton email scandal of 2016 had real security implications. What lessons can security stakeholders take away?
How to choose between closed source and open source software | Synopsys
Compared to the “openness” of open source software, closed source software’s proprietary nature is scary. Explore when and how each best fits your needs.
Cloud-Based Application Security Testing Challenges and Tips | Synopsys
To overcome cloud-based application security testing challenges, service providers must ensure cloud security around applications, services, and data.
How to get training in cloud security for your team | Synopsys
To give your team the latest cloud security training, you need a fixed core curriculum and the flexibility to customize cloud training to each person’s needs.
5 Cloud-Based Application Security Testing Essentials | Synopsys
This article highlights what, how, why, and when to choose cloud-based application security testing through the five essential factors.
Cloud migration: How and why business is moving to the cloud | Synopsys
Most businesses either have a cloud migration strategy or have already moved. Cloud is simply better than on-premises—and not just because of lower costs.
Survey: Companies face cloud data migration challenges | Synopsys
Failing to plan for cloud data migration challenges can result in data loss, breaches, and noncompliance, which increase costs and damage brand reputation.
Why code dependencies matter for static analysis (SAST) | Synopsys
How do static analyzers manage code dependencies? There are many ways, but the best static analyzers take a hybrid approach to dependency analysis.
Cloudera IPO: Risk for cyber attacks, lawsuits & loss of IP? | Synopsys
Get perspective on the Cloudera IPO S-1 filing. Cloudera, a data management & machine learning company, may be the second open source unicorn IPO this year.
Cloud storage security and mobile apps | Synopsys
What's the state of cloud storage security? Not great. Cloud storage vulnerability research found 56 million records of unprotected data in cloud databases.
CloudBees and Synopsys: Putting “Sec” into DevSecOps | Synopsys
CloudBees Core users can add Synopsys AST offerings to their pipelines to boost their software security posture without slowing down application delivery.
Cloudbleed, like Heartbleed, may affect millions | Synopsys
The new Cloudbleed vulnerability, like Heartbleed, was discovered through routine fuzz testing and may affect 5.5 million websites and millions of users.
Code quality issues in CWE Top 25 and static analysis | Synopsys
MITRE's 2019 CWE Top 25 list contains many code quality issues that can result in security vulnerabilities. Static analysis can help you mitigate them.
Code quality and code security: How are they related? | Synopsys
Code quality and code security aren’t the same, but they’re closely related. And in the current cyberthreat environment, developers should care about both.
Squash More Bugs With This Code Review Checklist | Synopsys
The following code review checklist identifies where reviews should occur to reduce the cost and time spent remediating bugs later in the life cycle.
Code Sight IDE plugin now integrates both SAST and SCA | Synopsys
With new SCA capabilities, the Code Sight IDE plugin detects vulnerabilities (CVEs) in the open source you use, alongside weaknesses in proprietary code.
Code Sight IDE plugin 2019.4 supports more languages, IDEs | Synopsys
The Code Sight IDE plugin uses the Coverity static analysis engine to find issues as developers code. Release 2019.4 supports more languages and IDEs.
Join Synopsys at codenomi-con and Black Hat USA 2019 | Synopsys
Black Hat USA 2019 is in Las Vegas, Aug. 7–8. Visit us for a chance to win a Nintendo Switch, and join us at codenomi-con at the Skyfall Lounge on Aug. 6.
Coding bootcamps need to teach secure coding practices | Synopsys
Coding bootcamps fill development seats fast—but the trade-off for speed is security. How do you fill the security training gaps in your developers’ education?
Codenomicon joins Synopsys: Software is everywhere | Synopsys
Codenomicon joins the Synopsys Software Integrity Group in the mission to help development teams build secure, high-quality software faster.
CodeXM: Awesome Code Checker Power (Itty-bitty Learning Curve!)
The Software Integrity Group folks occupy themselves with all this "magic" in order to help find logical errors and security flaws in your code with Coverity. When building a tool to write your own...
Commercial application security: 6 facts you didn't know | Synopsys
Our Open Source Security and Risk Assessment report analyzed 1,000 audits. Here are my top 6 takeaways on open source in commercial application security.
Web Application Security Testing Checklist | Synopsys
This web application security testing checklist guides you through the testing process, captures key testing elements, and prevents testing oversights.