Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Synopsys

Top 4 software development methodologies

Successful software projects are managed well. To manage a project efficiently, the manager or development team must choose the software development methodology that will work best for the project at hand. All methodologies have different strengths and weaknesses and exist for different reasons. Here’s an overview of the most commonly used software development methodologies and why different methodologies exist.

CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling

The Synopsys Cybersecurity Research Center (CyRC) has identified problems in Zephyr OS related to protecting against internet protocol (IP) address spoofing attacks. Zephyr OS is a popular real-time operating system used in connected, resource-constrained systems like Internet of Things and embedded devices. It is highly customizable and supports multiple architectures, systems-on-a-chip, and boards, making it useful for a wide range of applications.

Introducing fAST Dynamic: Streamlining dynamic application security testing

Today, we're excited to announce the availability of fAST Dynamic, the latest offering on the Polaris Software Integrity Platform®. As web applications become more complex, so too does the task of testing them for security issues at the pace of modern development pipelines. Polaris fAST Dynamic simplifies dynamic application security testing (DAST) for modern web applications, while also making it faster and easier for the teams developing them.

2024 OSSRA report: Open source license compliance remains problematic

Based on the audit data presented in the 2024 “Open Source Security and Risk Analysis” (OSSRA) report, organizations in all verticals should be concerned about the potential risk of litigation or threat to their intellectual property rights due to failure to comply with an open source license. The report’s findings show that over half—53%—of the 2023 audited codebases contained open source with license conflicts.

Introducing fAST Dynamic to the Polaris Software Integrity Platform | Synopsys

Now a part of the Polaris Software Integrity Platform, fAST Dynamic provides next generation dynamic analysis at scale. fAST Dynamic is a DAST solution that provides an automated, self-service dynamic testing solution for effectively analyzing modern technologies that is fast, easy, and accurate.

Considerations before moving away from native apps

To some, native applications are rudimentary. Why write an application specific to one platform when you can build one that is cross-platform compatible? After all, expanding the user base is one of the most fundamental objectives for software development teams. Doing this quickly with the current “build apps for any screen” approach is the obvious choice.

Attesting to secure software development practices

It’s been almost three years since President Biden issued Executive Order 14028, and while we’ve heard vendors talk about “compliance with EO 14028” for about that long, the reality is that industry hasn’t had anything to comply with—until now. On March 11, CISA published the Secure Software Development Attestation Form as part of its obligations under OMB memo M-22-18 and the successor OMB memo M-23-16.

2024 OSSRA Report: Dead code risk in open source components

Highlighting the critical need for improved maintenance practices among users of open source software, the new 2024 “Open Source Security and Risk Analysis” (OSSRA) report catalogs security concerns caused by the significant lag many organizations have in keeping the open source components they use up-to-date.