Over seven years later, the Heartbleed vulnerability still offers important lessons in application security. Heartbleed is a serious vulnerability discovered in the OpenSSL open source software component in April 2014. This article is a deep dive on Heartbleed and its broader implications for application security.
If you’ve reached this page, you’re probably already familiar with Spring and its basic mechanisms. Since its inception in 2002, Spring has become one of the dominant frameworks for building any kind of web application in Java. Web applications are usually the biggest interface between a company and its users, both internal and external. When security is neglected at the developer level, applications can become very desirable targets for hackers.
The most recent Transaction Advisors M&A Strategy Forum was held (virtually) in September and offered a wealth of information about deal tactics and terms. Transaction Advisors promotes best practices in all facets of M&A. (Full disclosure: Synopsys is a sponsor of the forum; we find the content very relevant to our clients.)
CVE-2021-33177, CVE-2021-33178, and CVE-2021-33179 are SQL injection, path traversal, and XSS vulnerabilities in the popular application, service, and network monitoring software Nagios XI.
In an effort to secure the software supply chain, Black Duck SBOM export capabilities now comply with the NIST standards in Executive Order 14028.
Looking to build trust in your software? Start with BSIMM12’s top five software security activities. For any organization looking to improve the security of its software, Building Security In Maturity Model (BSIMM) has dozens of options. Many dozens. The 12th iteration of the BSIMM report, released September 28, details 122 software security activities (also known as controls) that were observed in the 128 participating organizations.
Achieving a culture of DevSecOps is possible with the help of solutions like Intelligent Orchestration and Code Dx. As a trusted adviser to my clients, I use my unparalleled experience with a broad range of security tools to help them build and mature security programs. I work tirelessly to help them break down silos, facilitate collaborative change, create a culture of lean learning, and ensure continuous feedback and sharing, so they can build pipelines that are intelligent and risk-based.