
August 2022

AppSec Decoded: Addressing NIST guidelines begins with understanding your risk profile | Synopsys

In this second of two episodes of AppSec Decoded, recorded live at RSA 2022 in San Francisco, Tim Mackey, principal security strategist within the Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys, continue their conversation on how the guidance from NIST can help any organization.

Synopsys and the new Automated Source Code Data Protection Measure have you covered

We break down the ASCDPM standard and how Synopsys application security testing tools can help customers implement this new guidance. In early August 2022, the Consortium for Information & Software Quality (CISQ) released a new specification, the Automated Source Code Data Protection Measure (ASCDPM). CISQ is an industry leadership group that develops international standards for automating the measurement of software size and structural quality from source code.

What I wish I knew about security when I started programming

It’s critical for developers to understand basic security concepts and best practices to build secure applications. Software developers are creative problem solvers. Their job is to build functioning applications, and they deal with rapid changes—in technologies, tools, and programming languages—as the landscape evolves and the development velocity accelerates. A key part of the development process is ensuring that the products delivered meet user needs and the goals of the business.

API authentication and authorization best practices

Learn about API authentication and authorization best practices to ensure your APIs are secure. While we often use the terms interchangeably, authorization and authentication are two separate functions. Authentication is the process of verifying who a user is, and authorization is the process of verifying what they have access to.

AppSec Decoded: The NIST guidance on supply chain risk management | Synopsys

In this first of two episodes of AppSec Decoded, recorded live at RSA 2022 in San Francisco, Tim Mackey, principal security strategist within the Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys, discuss the overall focus of that guidance: How to build processes and programs around risk-based principles.

The four most important aspects of software due diligence audits

Understanding the key aspects of software due diligence audits will help you know what to look for in a trusted M&A partner. At some level, the pitch for any software-related service is the same: We have the expertise to provide high-quality solutions to your challenging problems. Sometimes that expertise is “powered by” proprietary technology. That’s well-aligned to what prospective clients look for in most software service scenarios.

Synopsys and ESG report points to prevalence of software supply chain risks

New research shows organizations are significantly increasing efforts to secure their supply chains in response to software supply chain attacks like Log4Shell, SolarWinds, and Kaseya. Today, the Enterprise Strategy Group (ESG) released “Walking the Line: GitOps and Shift Left Security,” a multiclient developer security research report examining the current state of application security.

AppSec Decoded: An introduction to the Synopsys Cybersecurity Research Center | Synopsys

Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Center (CyRC), talks with Taylor Armerding, security advocate at Synopsys, about CyRC’s major annual reports, including the “Open Source Software and Risk Analysis” (OSSRA) report, which uses anonymized data from M&A audits to develop a profile of how much open source is in the software ecosystem, how organizations are using it, and whether they’re keeping it up-to-date.

CyRC Vulnerability Analysis: Repo jacking in the software supply chain

Repo jacking is often the first step in a supply chain attack. Learn the security methods and tools used to help protect your organization. In recent months, an increasingly prevalent threat to open source repositories has been observed in the rising number of cases of repository hijacking—repo jacking for short.

AppSec Decoded: Methods and tools for SBOM generation | Synopsys

President Biden’s executive order calls for agencies to buy only software products that have a software bill of materials (SBOM). Mike McGuire, security solutions manager at Synopsys, and Taylor Armerding, security advocate at Synopsys, discuss the role SBOMs will play in application security and what tools and methods organizations can leverage to create a comprehensive SBOM.