
November 2021

Six Python security best practices for developers

Python is a valuable programming language, but using it without proper security best practices puts applications at risk of an attack. Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility.

AppSec Decoded: A proactive approach to building trust in your software supply chain

In this episode of AppSec Decoded featuring Sammy Migues, principal scientist at Synopsys and coauthor of the BSIMM report, and Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), we discuss why the software supply chain is an inviting target for hackers and how companies can implement a proactive approach to software supply chain security with security activities that won’t slow down innovation.

Effective software security activities for managing supply chain risks

BSIMM12 reports increased attention on software security due to recent supply chain disruptions. Get recommendations for managing supply chain risks. As the global pandemic disrupted the way business is conducted, the workforce became more dispersed and moved far from the traditional secure enterprise environments.

Don't let Trojan Source sneak into your code

Protect your organization from the Trojan Source exploit with fast and trusted vulnerability detection from Rapid Scan Static. As everyone in the industry knows, not all software vulnerabilities are equal—some are trivial, some are irrelevant, and some are severe. Obviously, you should focus your attention on those that are characterized as severe. The recently published Trojan Source (CVE-2021-42574) vulnerability falls into the severe category—meaning you should give it full attention.

Build Trust In Your Software

Digital transformation is reshaping the way organizations operate. Whether you’re one of the thousands of companies that sell software, or one of the millions that use software to run your business, your ability to innovate and deliver value to your customers is powered by secure, reliable software. See why trust matters with Synopsys.

A stitch in BIND saves nine

A vulnerability was discovered in the named DNS server implementation contained in the development branch builds of BIND 9. This is a story of catastrophe averted. It’s a case study for the value of fuzzing in software development. Synopsys Cybersecurity Research Center (CyRC) researchers discovered a denial-of-service vulnerability in development branch builds of BIND 9 by Internet Systems Consortium (ISC).

Software risks in private equity buyouts

We’ve been briefing private equity investment professionals on how software is developed today and the risks it creates in the software. Understanding issues in the code allows investors to ensure that deal terms fairly allocate risk and to plan for addressing those issues in forward-looking plans. Watch the video to learn about the legal, security, and quality software risks to look for during software due diligence and the approaches for managing those risks.