The OWASP API Security Top 10 list highlights the most critical API security risks to web applications. Shifting security left means that API security can’t be left only to security teams. Developers need to be on top of potential vulnerabilities and remediate them as they develop. Building security into DevOps means we need to be thinking about how to deliver secure, high-quality code at velocity. Having some basic API security info under your belt will help.

Each month we highlight research from the Black Duck Security Research team in Belfast. This month’s vulnerability followed an unusual path through more than half a decade.

As we celebrate the first anniversary of Rapid Scan Static, we look back at the growth of our new SAST engine. In June 2021, Synopsys officially released Rapid Scan Static, a feature of Code Sight™ SE and Coverity® by Synopsys and powered by the Sigma scan engine. Rapid Scan Static reduces the noise and friction for developers by providing fast results that enable them to take action earlier in the software development life cycle (SDLC).

Building trust in your software is important, but software trust is even more important in M&A transactions. The Black Duck® Audit team is part of the Synopsys Software Integrity Group. And Synopsys is all about trust. The Synopsys mission is to help you build trust in your software. There is nothing better than a good night’s sleep. And with the importance of software to almost every business today, concern about software risk can negatively impact your slumber.

The acquisition of WhiteHat Security, the leading the DAST solution provider, is a step toward a more comprehensive, end-to-end portfolio for AppSec. Today, Synopsys closed the acquisition of WhiteHat Security, an application security pioneer and market-segment leading provider of dynamic application security testing (DAST) solutions.

Mitigating the risks associated with complex enterprise applications requires securing every component at every stage of the life cycle.

If you’re selling to the federal government, you need to take a closer look at your supply chain risk management process. The software supply chain is, as most of us know by now, both a blessing and a curse.