Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2024

Accelerate application code fixes with AI-powered Polaris Assist

We're excited to announce the availability of Polaris Assist, our AI-powered application security assistant that combines decades of real-world insights with a powerful large language model (LLM). Polaris Assist gives security and development teams easy-to-understand summaries of detected vulnerabilities and code fix recommendations to help them build secure software faster.

Introducing Polaris Assist: Your virtual security assistant | Synopsys

Polaris Assist is a virtual assistant that combines generative AI with decades of Synopsys curated real-world vulnerability, risk, and secure coding data to simplify and streamline application security. Polaris Assist AI capabilities will first be introduced on the Polaris Software Integrity Platform by analyzing static analysis data.

Building a software Bill of Materials with Black Duck

A necessary step in securing an application is evaluating the supply chain of each component used to create the application—no matter how many hands were involved in its development. If any links in the supply chain are obscured, it can be difficult to confidently assess the amount of risk that an application is susceptible to.

Understanding Python pickling and how to use it securely

Pickle in Python is primarily used in serializing and deserializing a Python object structure. In other words, it’s the process of converting a Python object into a byte stream to store it in a file/database, maintain program state across sessions, or transport data over the network. The pickled byte stream can be used to re-create the original object hierarchy by unpickling the stream. This whole process is similar to object serialization in Java or.Net.

Solving telecom network security challenges with Defensics

The telecommunications industry has undergone tremendous changes in recent years. From the days when consumers could only make and receive voice calls on a landline to the broadband internet era in which people use data and stream videos on the go, telecom networks constitute an important backbone of the national economy. Telecom networks have evolved from 3G to 4G and 5G technologies.

Filter and prioritize IAST vulnerability findings using Project Views in Seeker | Synopsys

In this video, Product Manager, Scott Tolley shows how setting up the new Project Views feature in Seeker can help developers focus their time and attention on the most relevant vulnerability findings in running applications– without hiding the full details from security team. This new feature lets security and development teams...

Top 10 free pen tester tools

A craftsman requires the appropriate skills and tools to work in tandem in order to create a masterpiece. While tools are an important enabler in the process of creating the best piece of work possible, the process also requires relevant experience and expertise on the part of the craftsman. Much like craftsman’s toolbox, a pen tester’s toolbox has wide variety of pen tester tools to work with based on the business objective.

Securing the software supply chain with Black Duck Supply Chain Edition

Each year, our "Open Source Security and Risk Analysis” (OSSRA) report highlights the fact that open source software (OSS) plays a critical and substantial role in modern application development, and it is therefore foundational to the software supply chain. The prevalence of OSS within commercial applications makes it difficult to track, and that makes it difficult to manage the risk that it may introduce.

Mitigate Upstream Risk in your Software with Black Duck Supply Chain Edition | Synopsys

In this video, we introduce the new Black Duck Supply Chain Edition, which provides a full range of supply chain security capabilities to teams responsible for building secure, compliant applications. With third-party SBOM import and analysis, malware detection, and export options in SPDX or CycloneDX formats, teams can establish complete supply chain visibility, identify and mitigate risk, and align with customer and industry requirements.

What is the Xz Utils Backdoor : Everything you need to know about the supply chain attack

A week ago, on March 29th, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that two versions of xz Utils, were found to have been compromised. The xz Utils code had been tampered with to include a malicious “backdoor” that would ultimately give attackers the same level of control over affected systems as authorized administrators.

SANS report: Securing the shifting landscape of application development

Major shifts in application development are creating new and significant security risks. Continuous integration/continuous delivery (CI/CD) pipelines and technology advances like automation and AI mean the development process is now so complicated and fast-moving that corporations, DevOps directors, and security groups struggle to understand and manage it, let alone defend it from assaults.

Top open source licenses and legal risk for developers

If you’re a software developer, you’re probably using open source components and libraries to build software. You know those components are governed by different open source licenses, but do you know all the license details? In particular, do you know the sometimes-convoluted licensing conditions that could pose compliance challenges for your organization?