Apr 12, 2021   |  By Taylor Armerding
Dr. Neil Daswani, codirector of the Stanford Advanced Security Certification Program, is coauthor with Moudy Elbayadi of “Big Breaches: Cybersecurity Lessons for Everyone,” released last month by APress. He is also president of Daswani Enterprises, his security consulting and training firm.
Apr 9, 2021   |  By Debrup Ghosh
Every spring, my family has an annual ritual of visiting our friendly primary care physician for our physical exams. Although it’s one of the last things my wife wants to do, these routine checkups are an important way to detect problems before they become more noticeable.
Apr 8, 2021   |  By Mari Puhakka
Fuzzing helps detect unknown vulnerabilities before software is released. Learn when and where to integrate and automate fuzz testing in your SDLC. Fuzz testing is a highly effective technique for finding weaknesses in software. It’s performed by delivering malformed and unexpected inputs to target software while monitoring it to detect unwanted behavior and log failures.
Apr 6, 2021   |  By Taylor Armerding
To solve the supply chain security dilemma, producers must get back to security basics. Get best practices for securing your supply chain. Nobody wants to be known as the weak link in the chain—any chain. But too many organizations are at risk of being just that in the digital supply chain because they haven’t made the cyber security of their products a priority. The most recent evidence of that is the SolarWinds/Orion cyber attack that impacted more than 18,000 organizations.
Mar 31, 2021   |  By Taylor Armerding
The pandemic has put a lot of things on hold over the last year, but medical device security shouldn’t be one of them. The millions of medical devices that help keep people healthy—and in many cases keep them alive—have drawn mixed reviews from security experts since the internet happened. Even more so in the past year since the pandemic happened. There is just about unanimous agreement that the benefits of those devices outweigh the risks.
Mar 30, 2021   |  By Taylor Armerding
As a CVE Numbering Authority, Synopsys can assign CVE ID numbers and publish newly discovered vulnerabilities. The Synopsys Software Integrity Group has been helping organizations find and fix vulnerabilities in their software for nearly a decade. And now it will be able to help them and the broader software industry even more.
Mar 26, 2021   |  By Jonathan Knudsen
Integrating AST tools into your CI/CD pipeline shouldn’t compromise your development velocity. Learn how Intelligent Orchestration can help. Sometimes it feels like software development is at the crux of the collision between an unstoppable force and an immovable object. The answer to putting security in every phase of development is partly process and partly automating and integrating security testing into the build and test phases of development.
Mar 24, 2021   |  By Chandu Ketkar
Healthcare companies must follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to. It’s vital that healthcare companies follow medical device security best practices to defend against attacks on devices and the networks and systems they connect to—especially during a pandemic.
Mar 19, 2021   |  By Kari Hulkko and Tuomo Untinen
A wireless LAN (WLAN), also commonly called Wi-Fi, is a wireless local area network defined in the various IEEE 802.11 standards and certified by Wi-Fi Alliance. WLAN capability used to be listed using the name of the IEEE standard amendment that it supports. Now the Wi-Fi Alliance uses generational numbering for corresponding technology support: Wi-Fi 4 (for devices implementing IEEE 802.11n), Wi-Fi 5 (IEEE 802.11ac), and Wi-Fi 6 (IEEE 802.11ax).
Mar 16, 2021   |  By Eugene Pakhomov
No matter where you are in your AppSec program, IAST tools can grow and scale with your organization’s needs. DevOps principles and practices are continuing to be adopted by a wide variety of companies, and here at Synopsys we’re working with our customers to help them in this journey. When it comes to DevSecOps, we have a comprehensive portfolio of products and services to help build security into every DevOps environment.
Feb 26, 2021   |  By Synopsys
In our latest episode of AppSec Decoded, Taylor Armerding, Synopsys security advocate, discusses the main drivers of DevSecOps adoption based on the findings from the BSIMM11 report.
Feb 1, 2021   |  By Synopsys
Watch our AppSec Decoded video series featuring Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center, to learn how to secure connected devices and why the responsibility falls on the manufacturer.
Dec 16, 2020   |  By Synopsys


Oct 21, 2020   |  By Synopsys
In our new video series, “AppSec Decoded,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC), sat down with Laurie Carr, blog managing editor at Synopsys, to discuss the future of IoT devices and what it means for security and privacy.
Sep 22, 2020   |  By Synopsys


Oct 14, 2020   |  By Synopsys
Open source components are the foundation of every software application in every industry. But their many benefits can often lead consumers to overlook how open source affects the security of their applications.
Oct 14, 2020   |  By Synopsys
You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
Oct 1, 2020   |  By Synopsys
More than 11.5 billion records with sensitive information were breached between January 2005 and January 2019. If your business stores, processes, or transmits cardholder data, it's imperative that you implement standard security procedures and technologies to prevent the theft of this sensitive information. Start by ensuring you're in compliance with the technical and operational requirements set by the Payment Card Industry Data Security Standard (PCI DSS).
Oct 1, 2020   |  By Synopsys
Just like most software assets contain open source, modern software applications commonly link to external web services via APIs. But developers using web services might not have a suitable agreement to do so, and they may be inadvertently signing their companies up to terms of service. This white paper covers the types of risk associated with web services and how they can affect an M&A transaction.
Sep 1, 2020   |  By Synopsys
Are your developers getting discouraged by too many false positives from security tools that slow them down? You need a solution that boosts their productivity, finds real vulnerabilities, and provides expert remediation guidance. Coverity will help you achieve this and more. Learn how you can assess the ROI of implementing Coverity into your SDLC, quickly build secure applications, and accelerate your software velocity.
Sep 1, 2020   |  By Synopsys
Threat modeling promotes the idea of thinking like an attacker. It enables organizations to build software with security considerations, rather than addressing security as an afterthought. However, there are some very common misconceptions that can cause firms to lose their grip on the threat modeling process. This eBook shines a light on the essentials and helps you get your bearings with all things related to threat modeling.

Synopsys solutions help you manage security and quality risks comprehensively, across your organization and throughout the application life cycle.

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

Build secure, high-quality software faster:

  • Integrate security into your DevOps environment: Integrate and automate application security testing with the development and deployment tools you use today.
  • Build a holistic AppSec program across your organization: Ensure your people, processes, and technology are aligned to defend against cyber attacks on the software you build and operate.
  • Get on-demand security testing for any application: Extend the reach of your application security team with cost-effective security testing by our team of experts.
  • Find and fix quality and compliance issues early in development: Maximize software reliability, minimize downstream maintenance headaches, and ensure compliance with industry standards.
  • Identify open source, code quality, and security risks during M&A: Avoid surprises that can materially impact the value of software assets your company acquires.
  • Assess your AppSec threats, risks, and dependencies: Go beyond security testing to understand likely cyber attack vectors and targets, as well as design flaws that can lead to security breaches.

Any software. Any development model. Any stage. Synopsys has you covered.