Jan 19, 2022   |  By Phil Odence
Unique open source licenses provide amusement for developers but they create extra work for legal teams overseeing a company’s IP. Several of my open source friends had the same reaction when they heard of the death of Bob Saget. Sadly, the actor/comedian passed away last week at a relatively young age, and with him went an increment of open source license risk. Wait… what?
Jan 18, 2022   |  By Charlotte Freeman
Learn about the five cryptography best practices every developer should follow to secure their applications. Cryptography is a huge subject with dedicated experts, but that doesn’t mean developers can leave it entirely to their security teams. Building security into DevOps means you need to understand how to deliver secure, high-quality code at velocity. Having some basic cryptography under your belt will help.
Jan 10, 2022   |  By Natasha Gupta
Code Dx was recognized for its leadership in application security development. Learn how Code Dx helps to build trust in your software. Synopsys is proud to announce that Code Dx® has won the 2021 CybersecAsia Reader’s Choice Award for Best in Application Development Security.
Jan 3, 2022   |  By Phil Odence
Similar to a home inspection, M&A software due diligence helps organizations assess the risk of an investment. When a company buys another company, the due diligence process is analogous to a home inspection during a real estate transaction. A buyer sees only so much when they tour a home—enough to know they like it and to assess the value, but not enough to identify hidden problems that might devalue the property. An in-depth assessment requires time and expertise.
Dec 16, 2021   |  By Taylor Armerding
To paraphrase the familiar yuletide song, in the world of IT this is “the most speculative time of the year.” True, tying predictions to the regular calendar may be a bit out of sync for much of the business and government world—the federal fiscal year begins on Oct. 1, and here at Synopsys we say Happy First Quarter on Nov. 1. But we all still celebrate the new year on New Year’s Day.
Dec 15, 2021   |  By Michael White
At midnight last Thursday, we experienced one of the most notable infosec events in years. A new zero-day exploit in a popular logging package for Java, Log4j, was discovered. The exact origin and timeline are still being investigated, but it’s important to note that this was not just a vulnerability announcement. The information disclosed was rapidly followed by fully functional exploit code—and the exploit itself turned out to be trivial to execute.
Dec 14, 2021   |  By Jonathan Knudsen
Effective software supply chain risk management requires security measures throughout the entire supply chain. Risk management is a well-understood part of business. Personified, risk management would be a dusty, gray man with a gray beard who asks questions that make you uncomfortable. Risk management is about understanding threats to your business and figuring out how you will deal with them.
Dec 10, 2021   |  By Jagat Parekh
The NVD currently lacks a CVSS score for this vulnerability, but the Synopsys Cybersecurity Research Center (CyRC) has issued a corresponding Black Duck® Security Advisory (BDSA), and assigned a CVSS score of 9.1, with links to proof-of-concept exploits. A dangerous, zero day exploit has been identified in log4j, a popular Java logging library. Apache log4j/log4j2 is broadly used within the Java community to implement application logging.
Dec 8, 2021   |  By Synopsys Editorial Team
Tim Mackey talks about his journey working in cybersecurity, today’s cyberthreat landscape, and how the industry is evolving.
Dec 7, 2021   |  By Scott Tolley
Broken authentication and local file inclusion lead to information disclosure and remote code execution in the GOautodial API.
Dec 23, 2021   |  By Synopsys
Synopsys experts will demonstrate how to use Black Duck to quickly discover and remediate open source security vulnerabilities like Log4j. Black Duck Software Composition Analysis (SCA) not only helps you address open source risk, but enables you to stay ahead of the next zero-day open source vulnerability with robust scanning, detailed and actionable security information and continuous monitoring and alerting.
Dec 17, 2021   |  By Synopsys
Looking to understand why everyone is talking about the Log4j2 vulnerability? Our Synopsys Security Experts will guide you through.
Dec 16, 2021   |  By Synopsys
Looking to understand why everyone is talking about the Log4j2 vulnerability? Our Synopsys Security Experts will guide you through.
Nov 24, 2021   |  By Synopsys
In this episode of AppSec Decoded featuring Sammy Migues, principal scientist at Synopsys and coauthor of the BSIMM report, and Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), we discuss why the software supply chain is an inviting target for hackers and how companies can implement a proactive approach to software supply chain security with security activities that won’t slow down innovation.
Nov 16, 2021   |  By Synopsys
Digital transformation is reshaping the way organizations operate. Whether you’re one of the thousands of companies that sell software, or one of the millions that use software to run your business, your ability to innovate and deliver value to your customers is powered by secure, reliable software. See why trust matters with Synopsys.
Nov 4, 2021   |  By Synopsys
We’ve been briefing private equity investment professionals on how software is developed today and the risks that creates in the software. Understanding issues in the code allows investors to ensure that deal terms fairly allocate risk and that those issues are addressed in forward-looking plans. Watch the video to learn about the legal, security, and quality software risks to look for during software due diligence and the approaches for managing those risks.
Nov 3, 2021   |  By Synopsys

Learn more about Synopsys Software Integrity:

Oct 28, 2021   |  By Synopsys
Biden’s executive order (EO), announced earlier this spring, outlines cyber security standards and best practices that will apply to federal departments, agencies, and their technology suppliers. Although the EO’s goal is to secure the U.S. government, implications are expected to be broader and could be adopted by the commercial sector. We spoke with Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), to learn how Biden’s EO differs from prior EOs and why it should be on everyone’s radar.
Sep 23, 2021   |  By Synopsys
In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, to learn what proactive steps both technology suppliers and buyers should consider in the wake of the new E.O.
Sep 21, 2021   |  By Synopsys
BSIMM helps organizations plan, implement, and measure their software security initiatives. A BSIMM assessment provides an objective, data-driven evaluation that leaders seeking to improve their security postures can use to base decisions about resources, time, budget, and priorities.
Oct 14, 2020   |  By Synopsys
You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
Oct 14, 2020   |  By Synopsys
Open source components are the foundation of every software application in every industry. But their many benefits can often lead consumers to overlook how open source affects the security of their applications.
Oct 1, 2020   |  By Synopsys
More than 11.5 billion records with sensitive information were breached between January 2005 and January 2019 ( If your business stores, processes, or transmits cardholder data, it's imperative that you implement standard security procedures and technologies to prevent the theft of this sensitive information. Start by ensuring you're in compliance with the technical and operational requirements set by the Payment Card Industry Data Security Standard (PCI DSS).
Oct 1, 2020   |  By Synopsys
Just like most software assets contain open source, modern software applications commonly link to external web services via APIs. But developers using web services might not have a suitable agreement to do so, and they may be inadvertently signing their companies up to terms of service. This white paper covers the types of risk associated with web services and how they can affect an M&A transaction.
Sep 1, 2020   |  By Synopsys
Threat modeling promotes the idea of thinking like an attacker. It enables organizations to build software with security considerations, rather than addressing security as an afterthought. However, there are some very common misconceptions that can cause firms to lose their grip on the threat modeling process. This eBook shines a light on the essentials and helps you get your bearings straight with all things related to threat modeling.
Sep 1, 2020   |  By Synopsys
Are your developers getting discouraged by too many false positives from security tools that slow them down? You need a solution that boosts their productivity, finds real vulnerabilities, and provides expert remediation guidance. Coverity will help you achieve this and more. Learn how you can assess the ROI of implementing Coverity into your SDLC, quickly build secure applications, and accelerate your software velocity.

Synopsys solutions help you manage security and quality risks comprehensively, across your organization and throughout the application life cycle.

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

Build secure, high-quality software faster:

  • Integrate security into your DevOps environment: Integrate and automate application security testing with the development and deployment tools you use today.
  • Build a holistic AppSec program across your organization: Ensure your people, processes, and technology are aligned to defend against cyber attacks on the software you build and operate.
  • Get on-demand security testing for any application: Extend the reach of your application security team with cost-effective security testing by our team of experts.
  • Find and fix quality and compliance issues early in development: Maximize software reliability, minimize downstream maintenance headaches, and ensure compliance with industry standards.
  • Identify open source, code quality, and security risks during M&A: Avoid surprises that can materially impact the value of software assets your company acquires.
  • Assess your AppSec threats, risks, and dependencies: Go beyond security testing to understand likely cyber attack vectors and targets, as well as design flaws that can lead to security breaches.

Any software. Any development model. Any stage. Synopsys has you covered.