Sep 23, 2022   |  By Black Duck Audit Team
In a merger and acquisition (M&A) tech transaction where the code is much of the value, acquirers want to ensure that the components used are properly licensed. If they are not, the purchaser might be exposed to legal issues that they will need to address. In 2021, 78% of the code that Synopsys audited consisted of third-party components.
Sep 21, 2022   |  By Fred Bals
Understanding the latest BSIMM report trends can help you plan strategic improvements to your own security efforts. If you want good advice on how to improve your organization’s software security—and you should—you’ve come to the right place. What makes it even better is that it’s not coming only from us; it’s coming from your peers in your own industry sector.
Sep 14, 2022   |  By Qiang Li
CVE-2022-39063 is a vulnerability in the Open5GS project, an open source implementation of 5G components. The Synopsys Cybersecurity Research Center (CyRC) has disclosed a denial-of-service vulnerability in Open5GS. Open5GS is an open source project that provides LTE and 5G mobile packet core network functionality under the AGPLv3 or a commercial license. It can be used to build private LTE/5G telecom networks by individuals or telecom network operators.
Sep 9, 2022   |  By Steven Zimmerman
Learn who needs open source audits, why you might need one, who and what is involved, and how an open source audit can help you in an M&A. If you’re part of a modern business that does any software development, your dev teams are using open source components to move quickly, save money, and leverage community innovation. If you’re a law firm or a consultant, your clients use open source.
Sep 8, 2022   |  By Kari Hulkko
Smart homes rely on secure devices. Fuzz testing identifies software vulnerabilities in smart devices by fuzzing wireless and IoT protocols.
Aug 30, 2022   |  By Mike McGuire
A software Bill of Materials (SBOM) provides transparency into an organization’s software and helps protect it from supply chain risks. Just because the component you add to your application is secure today doesn’t mean that the application will still be secure tomorrow.
Aug 29, 2022   |  By Charlotte Freeman
We break down the ASCDPM standard and how Synopsys application security testing tools can help customers implement this new guidance. In early August 2022, the Consortium for Information & Software Quality (CISQ) released a new specification, the Automated Source Code Data Protection Measure (ASCDPM). CISQ is an industry leadership group that develops international standards for automating the measurement of software size and structural quality from source code.
Aug 26, 2022   |  By Allon Mureinik
It’s critical for developers to understand basic security concepts and best practices to build secure applications. Software developers are creative problem solvers. Their job is to build functioning applications, and they deal with rapid changes—in technologies, tools, and programming languages—as the landscape evolves and the development velocity accelerates. A key part of the development process is ensuring that the products delivered meet user needs and the goals of the business.
Aug 24, 2022   |  By Charlotte Freeman
Learn about API authentication and authorization best practices to ensure your APIs are secure. While we often use the terms interchangeably, authorization and authentication are two separate functions. Authentication is the process of verifying who a user is, and authorization is the process of verifying what they have access to.
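The distinction above is easiest to see in code that keeps the two checks apart. The following is an added example, not code from the original post or from Synopsys: authentication verifies an HMAC-signed bearer token and answers "who is calling?"; authorization then checks both the caller's scope and whether the caller may touch this particular object. The signing key, the order records, the scope names and the token format are all constructed for the example.

```python
"""Separating authentication (who is calling) from authorization (what they may do).
Constructed example: HMAC-signed bearer token and an in-memory order store."""
import base64
import hashlib
import hmac
import json
import time

SIGNING_KEY = b"constructed-demo-key-do-not-reuse"  # assumption: a server-side secret

# Constructed sample data: orders and their owners.
ORDERS = {
    "o-100": {"owner": "alice", "total": 42},
    "o-200": {"owner": "bob", "total": 7},
}

# Which scope each operation requires (hypothetical scope names).
REQUIRED_SCOPE = {"GET": "orders:read", "DELETE": "orders:write"}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(subject: str, scopes: list, now: float, ttl: int = 3600) -> str:
    """Issued by the identity provider after the user proved who they are."""
    claims = {"sub": subject, "scopes": scopes, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{body}.{_sign(body)}"


def authenticate(token: str, now: float):
    """Authentication: verify the token is genuine and unexpired.
    Returns the claims, or None if the caller cannot be identified."""
    parts = token.split(".")
    if len(parts) != 2:
        return None
    body, sig = parts
    # Constant-time comparison so the signature check does not leak timing.
    if not hmac.compare_digest(sig, _sign(body)):
        return None
    try:
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(claims: dict, method: str, order: dict) -> bool:
    """Authorization: does this identified caller hold the scope for the
    operation AND may they touch this particular object?"""
    scopes = claims.get("scopes", [])
    if REQUIRED_SCOPE[method] not in scopes:
        return False
    # Object-level check: owner or admin only. Skipping this step is the
    # classic broken-object-level-authorization (IDOR) bug.
    return order["owner"] == claims["sub"] or "admin" in scopes


def handle_request(method: str, order_id: str, token: str, now: float):
    """Tiny request handler: 401 when unauthenticated, 403 when unauthorized."""
    claims = authenticate(token, now)
    if claims is None:
        return 401, "unauthenticated"
    if method not in REQUIRED_SCOPE:
        return 405, "method not allowed"
    order = ORDERS.get(order_id)
    if order is None:
        return 404, "not found"
    if not authorize(claims, method, order):
        return 403, "forbidden"
    if method == "DELETE":
        return 200, {"deleted": order_id}
    return 200, order


if __name__ == "__main__":
    t0 = time.time()
    alice = issue_token("alice", ["orders:read"], t0)
    print(handle_request("GET", "o-100", alice, t0))        # her own order
    print(handle_request("GET", "o-200", alice, t0))        # someone else's order
    print(handle_request("DELETE", "o-100", alice, t0))     # missing write scope
    print(handle_request("GET", "o-100", alice + "x", t0))  # tampered signature
```

Two things worth noting. The handler looks the order up before authorizing, so an authenticated but unauthorized caller can tell an existing ID from a non-existent one (403 versus 404); APIs that want to avoid that enumeration signal return 404 for both. And holding a valid `orders:read` scope is not enough on its own; the per-object ownership check is the part most often missing in real APIs.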
Aug 19, 2022   |  By Phil Odence
Understanding the key aspects of software due diligence audits will help you know what to look for in a trusted M&A partner. At some level, the pitch for any software-related service is the same: We have the expertise to provide high-quality solutions to your challenging problems. Sometimes that expertise is “powered by” proprietary technology. That’s well-aligned to what prospective clients look for in most software service scenarios.
Aug 31, 2022   |  By Synopsys
In this second of two episodes of AppSec Decoded, recorded live at RSA 2022 in San Francisco, Tim Mackey, principal security strategist within the Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys, continue their conversation on how the guidance from NIST can help any organization.
Aug 22, 2022   |  By Synopsys
In this first of two episodes of AppSec Decoded, recorded live at RSA 2022 in San Francisco, Tim Mackey, principal security strategist within the Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys, discuss the overall focus of that guidance: How to build processes and programs around risk-based principles.
Aug 3, 2022   |  By Synopsys
Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Center (CyRC), talks with Taylor Armerding, security advocate at Synopsys, about CyRC’s major annual reports, including the “Open Source Software and Risk Analysis”(OSSRA) report, which uses anonymized data from M&A audits to develop a profile of how much open source is in the software ecosystem, how organizations are using it, and whether they’re keeping it up-to-date.
Aug 1, 2022   |  By Synopsys
President Biden’s executive order calls for agencies to buy only software products that have a software Bill of Materials (SBOM). Mike McGuire, security solutions manager at Synopsys, and Taylor Armerding, security advocate at Synopsys, discuss the role SBOMs will play in application security and what tools and methods organizations can leverage to create a comprehensive SBOM.
Aug 1, 2022   |  By Synopsys
Coverity is a market leader in application security and embedded applications. It’s the only SAST solution that combines best-in-class security and software code quality in a single product.
Jul 18, 2022   |  By Synopsys
In this edition of AppSec Decoded, recorded at RSA 2022 in San Francisco, cybersecurity experts Anita D’Amico, vice president of business development with Synopsys, and Taylor Armerding, security advocate with Synopsys, discuss the specific functions and benefits of ASOC tools.
Jul 11, 2022   |  By Synopsys
Synopsys security training services allow organizations to build security champions within by delivering learning-centric solutions through on-demand, virtual, or in-person sessions. The curriculum covers a range of topics so you can tackle security from all angles and depths.
Jul 7, 2022   |  By Synopsys
Watch our latest edition of AppSec Decoded as Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, and Taylor Armerding, security advocate at Synopsys Software Integrity Group, discuss the value of Black Duck® by Synopsys audit services in the M&A world, and ways to reap the benefits of your open source software without falling victim to the risks.
Jun 28, 2022   |  By Synopsys
Secure software requires more than just tools. Organizations need a security strategy and plan, and skilled developers, to minimize risks in their software. Learn how to build a holistic AppSec program that builds trust in your software.
Jun 10, 2022   |  By Synopsys
In this episode of AppSec Decoded, our cybersecurity experts discuss why DevSecOps initiatives stall or fail and what organizations can do to build security into their development processes at the pace of their business demands.
Oct 14, 2020   |  By Synopsys
You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
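The mechanics behind the "secure today, vulnerable tomorrow" point in the SBOM item above and the "do you really need special tools?" question here come down to one loop: take the component inventory, and re-run it against the advisory feed every time the feed changes. The following is an added example, not code from Synopsys or from either paper: it reads a minimal CycloneDX-style JSON SBOM, extracts package URLs (purls), and matches them against advisories with OSV-style version ranges (introduced inclusive, fixed exclusive). The SBOM contents, the package names and the advisory identifiers are all constructed; none refers to a real vulnerability.

```python
"""Re-checking an SBOM against a changing advisory feed. Constructed example:
a minimal CycloneDX 1.4 JSON document and hypothetical advisories."""
import json
import re

# Constructed SBOM. The shape (bomFormat, components[], purl) follows CycloneDX
# JSON; the packages are hypothetical.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-parser", "version": "1.4.2",
     "purl": "pkg:npm/example-parser@1.4.2"},
    {"type": "library", "name": "example-http", "version": "2.25.1",
     "purl": "pkg:pypi/example-http@2.25.1"},
    {"type": "library", "group": "org.example", "name": "example-log",
     "version": "2.17.1", "purl": "pkg:maven/org.example/example-log@2.17.1"}
  ]
}
"""

# Constructed advisory feed on day one, and the same feed after a new entry lands.
ADVISORIES_DAY1 = [
    {"id": "ADV-0001", "package": "pkg:npm/example-parser",
     "ranges": [{"introduced": "1.0.0", "fixed": "1.4.0"}]},
]
ADVISORIES_DAY2 = ADVISORIES_DAY1 + [
    {"id": "ADV-0002", "package": "pkg:pypi/example-http",
     "ranges": [{"introduced": "2.0.0", "fixed": "2.26.0"}]},
]


def parse_version(text: str) -> tuple:
    """Dotted numeric versions only; non-numeric parts compare as 0.
    Padded to three fields so '1.4' and '1.4.0' compare equal."""
    parts = [int(p) if p.isdigit() else 0 for p in re.split(r"[.\-+]", text)]
    return tuple(parts + [0] * (3 - len(parts)))


def parse_purl(purl: str):
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into
    (base without version, version). Qualifiers and subpath are dropped."""
    m = re.match(r"^(pkg:[^@?#]+)@([^?#]+)", purl)
    return (m.group(1), m.group(2)) if m else None


def is_affected(version: str, rng: dict) -> bool:
    """OSV-style range: introduced is inclusive, fixed is exclusive."""
    v = parse_version(version)
    if v < parse_version(rng["introduced"]):
        return False
    if "fixed" in rng and v >= parse_version(rng["fixed"]):
        return False
    return True


def components_from_sbom(sbom_json: str) -> list:
    doc = json.loads(sbom_json)
    found = []
    for comp in doc.get("components", []):
        parsed = parse_purl(comp.get("purl", ""))
        if parsed:
            found.append(parsed)
    return found


def match_advisories(sbom_json: str, advisories: list) -> list:
    """Return (advisory id, package, version) for every affected component."""
    findings = []
    for base, version in components_from_sbom(sbom_json):
        for adv in advisories:
            if adv["package"] == base and any(is_affected(version, r) for r in adv["ranges"]):
                findings.append((adv["id"], base, version))
    return findings


if __name__ == "__main__":
    # Same SBOM, two days apart: nothing on day one, one finding on day two.
    print(match_advisories(SBOM_JSON, ADVISORIES_DAY1))
    print(match_advisories(SBOM_JSON, ADVISORIES_DAY2))
```

The version comparator here is the weak point, and it is where hand-rolled matching usually goes wrong: Maven, npm, PyPI and Debian each have their own ordering rules for pre-release tags, epochs and build metadata, so a production matcher needs an ecosystem-specific comparator rather than the dotted-integer one above. Matching by exact purl base also misses components whose SBOM entry lacks a purl, which is a data-quality problem an audit would flag before any vulnerability lookup runs.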
Oct 14, 2020   |  By Synopsys
Open source components are the foundation of every software application in every industry. But its many benefits can lead those who consume it to overlook how open source affects the security of their application.
Oct 1, 2020   |  By Synopsys
More than 11.5 billion records with sensitive information were breached between January 2005 and January 2019. If your business stores, processes, or transmits cardholder data, it's imperative that you implement standard security procedures and technologies to prevent the theft of this sensitive information. Start by ensuring you're in compliance with the technical and operational requirements set by the Payment Card Industry Data Security Standard (PCI DSS).
Oct 1, 2020   |  By Synopsys
Just as most software assets contain open source, modern software applications commonly link to external web services via APIs. But developers using web services might not have a suitable agreement to do so, and they may be inadvertently signing their companies up to terms of service. This white paper covers the types of risk associated with web services and how they can affect an M&A transaction.
Sep 1, 2020   |  By Synopsys
Threat modeling promotes the idea of thinking like an attacker. It enables organizations to build software with security considerations built in, rather than addressing security as an afterthought. However, there are some very common misconceptions that can cause firms to lose their grip on the threat modeling process. This eBook shines a light on the essentials and helps you get your bearings straight with all things related to threat modeling.
Sep 1, 2020   |  By Synopsys
Are your developers getting discouraged by too many false positives from security tools that slow them down? You need a solution that boosts their productivity, finds real vulnerabilities, and provides expert remediation guidance. Coverity will help you achieve this and more. Learn how you can assess the ROI of implementing Coverity into your SDLC, quickly build secure applications, and accelerate your software velocity.

Synopsys solutions help you manage security and quality risks comprehensively, across your organization and throughout the application life cycle.

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

Build secure, high-quality software faster:

  • Integrate security into your DevOps environment: Integrate and automate application security testing with the development and deployment tools you use today.
  • Build a holistic AppSec program across your organization: Ensure your people, processes, and technology are aligned to defend against cyber attacks on the software you build and operate.
  • Get on-demand security testing for any application: Extend the reach of your application security team with cost-effective security testing by our team of experts.
  • Find and fix quality and compliance issues early in development: Maximize software reliability, minimize downstream maintenance headaches, and ensure compliance with industry standards.
  • Identify open source, code quality, and security risks during M&A: Avoid surprises that can materially impact the value of software assets your company acquires.
  • Assess your AppSec threats, risks, and dependencies: Go beyond security testing to understand likely cyber attack vectors and targets, as well as design flaws that can lead to security breaches.

Any software. Any development model. Any stage. Synopsys has you covered.