Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

synopsys

Open source software: A pillar of modern software development

Open source software provides companies with a competitive edge but when used incorrectly, it can lead to risks in the software supply chain. Today’s modern software applications simply would not exist, or be as powerful, without the use of open source software (OSS). Developers design open source software with source code that is accessible for anyone to use, modify, and learn from, and they release the code with specific licensing rights.

synopsys

Software risks and technical debt: The role of process in determining good software

Understanding how software is developed and the areas impacted by technical debt can help lawyers and investors assess software risks during an M&A. Insight into how software is developed and what kinds of issues can lurk in a codebase enables businesspeople and lawyers to better understand software risks and how to mitigate them.

synopsys

Black Duck's New Year's Resolution

The new Black Duck SCA release offers enhancements to help organizations to better understand the potential risks in their software supply chain. Black Duck® software composition analysis (SCA) started the new year off strong and got a running start on its resolution to better help teams secure their software supply chain at the speed of modern software development. Let’s look at some of the highlights of the 2023.1.0 release.

synopsys

2023 cybersecurity predictions that should be on your radar

Our 2023 cybersecurity predictions are in. The experts weigh in on trends and how they’ll shape cybersecurity efforts in the year ahead. It’s still the season for gazing into the crystal ball that tells us what’s going to happen in the world of cybersecurity for the rest of the year. Or at least we wish it would. Crystal balls are always cloudy, which means predictions are hard—especially about the future, as the late, great Yogi Berra said.

synopsys

Prioritizing open source vulnerabilities in software due diligence

Black Duck Security Advisories provide actionable advice and details about open source vulnerabilities to help you improve your remediation activities. A vulnerability is a software bug that hackers can exploit to attack an application. Ideally, software is written so as to proactively thwart the efforts of bad actors, but that is often not the case.

synopsys

OWASP Top 10: Broken access control

Listed as #1 on the OWASP Top 10 list, broken access control is when an attacker can gain unauthorized access to restricted information or systems. Access control ensures that people can only gain access to things they’re supposed to have access to. When access control is broken, an attacker can obtain unauthorized access to information or systems that can put an organization at risk of a data breach or system compromise.

synopsys

Finding hard-coded secrets before you suffer a breach

Your organization could be at risk if you’re not handling hard-coded secrets properly. The Synopsys AST portfolio has you covered at every stage of the SDLC. By: Ksenia Peguero, Naveen Tiwari, Lijesh Krishnan, and DeWang Li The most severe vulnerabilities in a system or application can be caused by an easily overlooked issue—for example, a leaked hard-coded secret can allow an attacker to steal data or compromise a system.

synopsys

Cybersecurity Research Center Developer Series: The OWASP Top 10

In this new Cybersecurity Research Center series, we analyze the OWASP Top 10, which is a list of the most common vulnerabilities in web applications. In application security, the Open Web Application Security Project (OWASP) Top 10 list is a valuable resource for DevSecOps teams that oversee the development and security of web applications. The OWASP Top 10, updated every four years, lists the most common vulnerabilities in web apps based on a consensus among contributors from the OWASP community.