Synopsys Email Subscription Center Request Form | Register Form
https://www.synopsys.com/apps/subcenter/req1.php
Blast From the Past: 15-year-old Security Hole Hits Websites | Synopsys
https://www.synopsys.com/blogs/software-security/15-year-old-security-hole/
A flaw in Httpoxy, first disclosed 15-years ago, has resurfaced and potentially leaves server-side website software open to hijackers.
2015 Cyber Security Breaches That Will Live In Infamy | Synopsys
https://www.synopsys.com/blogs/software-security/2015-cyber-security-breaches/
Join us as we explore three cyber security breaches that made waves in 2015, and what they mean for the future of security.
What to Look Forward to at the 2017 Medical Device Security 101 Conference | ...
https://www.synopsys.com/blogs/software-security/2017-medical-device-security-101-conference/
Ensuring that healthcare providers, medical device manufacturers, and industry regulators are knowledgeable about security threats.
10 critical cloud security threats in 2018 and beyond | Synopsys
https://www.synopsys.com/blogs/software-security/10-cloud-security-threats-2018/
Explore 10 critical cloud security threats: data breaches, human error, data loss, insider threats, DDoS attacks, insecure APIs, exploits, account hijacking, APTs, and CPU flaws.
2017 Coverity Scan Report: Examining open source security and the road ahead ...
https://www.synopsys.com/blogs/software-security/2017-coverity-scan-report-open-source-security/
The 2017 Coverity Scan report examines OSS project risk, initiatives form the Linux Foundation, and the future of open source software. Learn more.
OWASP Top 10—A7: Request for removal and replacement | Synopsys
https://www.synopsys.com/blogs/software-security/2017-owasp-top-10-a7/
Proposed entry “A7 - Insufficient Attack Protection” is a potentially dangerous addition to the 2017 OWASP Top 10 Application Security Risks list.
Cyber security breaches nearly doubled in 2017 (and many were easily ...
https://www.synopsys.com/blogs/software-security/2017-preventable-security-breaches/
A few reasons for the increase are that attackers are getting better, tools are getting more sophisticated, and the attack surface continues to grow.
Have you taken the 2017 Software Quality and Security Survey?
https://www.synopsys.com/blogs/software-security/2017-software-quality-security-survey/
Are you involved in software security and/or development within your organization? Take the software quality and security survey today. Submit your input by 8/25 for your chance to win a $200 ...
Synopsys maintains leadership position in the 2018 Gartner Magic Quadrant for...
https://www.synopsys.com/blogs/software-security/2018-gartner-magic-quadrant/
We’re ready to meet the challenges your firm is facing and support your team on the journey to more secure, higher-quality software.
Introducing the 2018 CISO Report: A Q&A with Gary McGraw | Synopsys
https://www.synopsys.com/blogs/software-security/2018-ciso-report/
We recently sat down with Dr. Gary McGraw to discuss his latest research effort around the CISO role. Learn more about the findings in a new report.
The 3 Fundamentals of a Software Security Initiative | Synopsys
https://www.synopsys.com/blogs/software-security/3-software-security-initiative-fundamentals/
The most effective software security initiatives are tuned to fit your organization and built to scale.
We’re a 2018 NEVY Awards finalist for Cybersecurity Company of the Year | ...
https://www.synopsys.com/blogs/software-security/2018-nevy-awards-finalist/
We’re honored to be named a finalist for the Cybersecurity Company of the Year Award in the 2018 NEVY Awards, hosted by the New England Venture Capital Association (NEVCA) and presented by ...
2019 software security predictions: AI, IoT, and more | Synopsys
https://www.synopsys.com/blogs/software-security/2019-software-security-predictions/
Our experts share their 2019 software security predictions about AI/machine learning, design and standards, cloud adoption, and IoT, routers, and data in transit.
Life-forms descend on Leipzig #34C3: Chaos Communication Congress
https://www.synopsys.com/blogs/software-security/34c3-chaos-communication-congress/
At the 34th Chaos Communication Congress (#34C3), life-forms descended on Leipzig to encourage people to use technology to make the world better. Or TUWAT.
Online Safety Tips to Promote Within Your Company | Synopsys
https://www.synopsys.com/blogs/software-security/4-steps-to-encourage-online-safety/
Raise security awareness in your organization. You’ll protect your employees and your business. Get started with these online safety tips.
Views on the 30-Day Data Breach Notification Laws
https://www.synopsys.com/blogs/software-security/30-day-data-breach-law/
This week there has been much conversation around President Obama’s proposed law calling for organizations to publically disclose breaches within 30 days.
4 Risks in connected cars: security implications of open source | Synopsys
https://www.synopsys.com/blogs/software-security/4-risks-connected-cars/
At Flight Amsterdam I led a panel discussion on the security implications of open source in connected cars, joined by Gordon Haff and Simon Gutteridge.
The 4 Most Important Secure Development Disciplines | Synopsys
https://www.synopsys.com/blogs/software-security/4-important-secure-development-disciplines/
Building security into their DevOps culture by following 4 development disciplines enables Dynatrace to focus on secure software & product development.
5 things to do before your threat modeling assessment | Synopsys
https://www.synopsys.com/blogs/software-security/5-things-threat-modeling-assessment/
Here are 5 activities to undertake before your next threat modeling assessment that will set your team and organization up for success.
5 Reasons to Outsource Your Authentication Like You Do Your Credit Card ...
https://www.synopsys.com/blogs/software-security/5-reasons-outsource-authentication/
Implementing 1 or more of the providers doesn’t make security considerations go away, nor does it even make your application safe.
5 Ways To Pay Your Technical Debt Back | Synopsys
https://www.synopsys.com/blogs/software-security/5-ways-to-pay-your-technical-debt-back/
Secure your software development moving forward and reduce the creation of technical debt by aligning your software supply chain.
5 DevSecOps essentials and how to achieve them | Synopsys
https://www.synopsys.com/blogs/software-security/5-essentials-devsecops-world/
Embracing a DevSecOps practice requires key cultural and practical changes to integrate security into the SDLC. Learn about the 5 essentials for DevSecOps.
The 5 Pillars of a Successful Threat Model | Synopsys
https://www.synopsys.com/blogs/software-security/5-pillars-successful-threat-model/
Threat modeling identifies risks and flaws affecting a system.Here are 5 primary activities to perform when creating or updating a threat model.
6 months later, Spectre still haunts | Synopsys Software Integrity
https://www.synopsys.com/blogs/software-security/6-months-spectre-haunts/
It’s now more than six months since the major design flaw in computer chips labeled Spectre became public. And it's still haunting the world of information technology. For those who don’t have a ...
6 recommendations for healthcare cybersecurity | Synopsys
https://www.synopsys.com/blogs/software-security/6-recommendations-healthcare-cybersecurity/
The Health Care Industry Cybersecurity Task Force published its recommendations this month, with six key recommendations for healthcare cybersecurity.
Checklist: 7 elements of GDPR software security compliance | Synopsys
https://www.synopsys.com/blogs/software-security/7-elements-of-gdpr-software-security-compliance/
Our GDPR compliance checklist explains seven steps you can take to improve your software security initiative and illustrate GDPR software security compliance.
7 software security myths about security best practices | Synopsys
https://www.synopsys.com/blogs/software-security/7-myths-of-software-security-best-practices/
Software security best practices are meant to improve security initiatives, not secure single applications. Here are 7 software security myths to consider.
7 ways financial services firms can protect themselves | Synopsys
When it comes to the finance industry, there are strategies that firms can implement to lock down assets and data as securely as possible.
8 must-have features in an IAST solution | Synopsys
https://www.synopsys.com/blogs/software-security/8-must-have-features-iast-solution/
With so many vendors to choose from, finding the perfect IAST solution for your organization’s needs can be difficult. Here’s a checklist of 8 must-have features for any good IAST tool.
A Methodology for Quantifying Risks from Web Services | Synopsys
How do you quantify the risks from usage of Web Services that make calls to various APIs available commercially and in public domain for “free” usage?
AAMI TIR57 recognized by the FDA as a foundational cybersecurity standard for...
The AAMI TIR57 "Principles for medical device security - Risk management" standard was published by AAMI this summer.
9 highlights from the 2018 Software Integrity blog | Synopsys
https://www.synopsys.com/blogs/software-security/9-highlights-2018-software-integrity-blog/
From vulnerability detection to API security, these nine topics hit the highlights from our coverage of software security and quality this year.
8 Takeaways from NIST’s Application Container Security Guide | Synopsys
NIST published the “Application Container Security Guide” in September to address security risks associated with container adoption. Read 8 key takeaways.
Abuse cases: How to think like a hacker | Synopsys
https://www.synopsys.com/blogs/software-security/abuse-cases/
There are no protections in place to help developers anticipate what a malicious user might do with a feature. There should be.
Achieving Open Source Security in Container Environments | Synopsys
How do you achieve open source security in containers? Companies need to have an understanding of the components and dependencies in their container images.
3 Ways Abuse Cases Can Drive Security Requirements | Synopsys
https://www.synopsys.com/blogs/software-security/abuse-cases-can-drive-security-requirements/
Learn how to use abuse cases effectively to improve the security of an application's business features.
Learn how to accelerate your agile security strategy | Synopsys
https://www.synopsys.com/blogs/software-security/accelerate-your-agile-security-testing-strategy/
Find the most aerodynamic way to build security into agile development with a variety of tools that effectively meet your firm's challenges.
Add Security to Your SDLC With This Handy Checklist | Synopsys
https://www.synopsys.com/blogs/software-security/add-security-sdlc-checklist/
This checklist will guide you throughout the development journey to assure that you’re integrating security into each of the seven SDLC artifacts.
Adding Security to your Agile Development Process | Synopsys
https://www.synopsys.com/blogs/software-security/adding-security-steps-to-your-agile-process/
An examination of the security steps that should be added to your Agile development process and determining the best way to add them.
IAST defined, plus the advantages of IAST for business-critical software
https://www.synopsys.com/blogs/software-security/advantages-iast-business-critical-software/
As an acronym, IAST is awkward to pronounce or to guess what it stands for. But as a testing tool, IAST is remarkably effective at rooting out potentially catastrophic bugs in web-based ...
Adobe Flash Flaw Compromises 'Kid-Friendly' Tablet | Synopsys
https://www.synopsys.com/blogs/software-security/adobe-flash-flaw-compromises-kid-friendly-tablet/
A newly disclosed software flaw allows remote hackers to follow user activity, activate in-built microphone, and take pictures using the device's camera.
'Active defense' is irresponsible | Software Integrity Blog
https://www.synopsys.com/blogs/software-security/active-defense-is-irresponsible/
A look at the idea of “Active Defense”, which basically boils down to attacking the people who (may have) attacked you. Is it irresponsible?
What’s the difference between Agile, CI/CD, and DevOps? | Synopsys
https://www.synopsys.com/blogs/software-security/agile-cicd-devops-glossary/
We've been seeing a lot of instances recently where Agile, CI/CD, and DevOps are used interchangeably. The truth is that they're actually rather different.
Learn How the Agile Security Manifesto Guides Secure Development | Synopsys
https://www.synopsys.com/blogs/software-security/agile-security-manifesto/
Learn how adding these 4 principles to the Agile Manifesto and your own process can help integrate critical security measures in a natural, efficient way.
Agile Development for Application Security Managers | Synopsys
Let's analyze agile development from the standpoint of application security, and look at ways to implement security into the Agile development methodology.
How Does Agile Overcome Common Software Security Challenges? | Synopsys
https://www.synopsys.com/blogs/software-security/agile-common-software-security-challenges/
Utilizing an Agile software development life cycle can optimize your practices to overcome common software security challenges. Learn how.
Agile Methodology and Application Security | Synopsys
Agile methodology and application security are often spoken of together as oil and water, but are they really?
Agile vs. security: Resolving the culture clash | Synopsys
https://www.synopsys.com/blogs/software-security/agile-vs-security/
When considering the clash that often results from agile vs. security, it's important to see that there's a difference between being agile and doing agile.