BURLINGTON, Mass., Oct. 1, 2024 — The former Synopsys Software Integrity Group announced today that it has rebranded as Black Duck Software, Inc. (“Black Duck”), a newly independent application security company. The company’s new brand is inspired by its flagship software supply chain solution, Black Duck software composition analysis (SCA), which has helped thousands of organizations …
Synopsys today released a new application security testing solution, fAST Dynamic, that helps organizations find and remediate security vulnerabilities in today’s modern web applications. According to the company’s announcement, fAST Dynamic is built upon scanning technology Synopsys acquired from WhiteHat Security, and adds on to fAST Static and fAST SCA, which were built into the …
Just as software security has become strategic for many organizations, so too has the use of open source in development become strategic. And, as organizations realized they needed to create the role of chief information security officer (CISO), they are now coming to understand the importance of creating an open source program office to be …
Feedback is routinely requested and occasionally considered. Using feedback and doing something with it is nowhere near as routine, unfortunately. Perhaps this has been due to a lack of a practical application based on a focused understanding of feedback loops, and how to leverage them. We’ll look at Feedback Loops, the purposeful design of a …
When creating, testing, and deploying software, many development companies now use proprietary software and open source software (OSS). Proprietary software, also known as closed-source or non-free software, includes applications for which the publisher or another person reserves licensing rights to modify, use, or share modifications. Examples include Adobe Flash Player, Adobe Photoshop, macOS, Microsoft …
Security company ShiftLeft today announced the new release of its ShiftLeft CORE platform with the Velocity Update that has new features for identifying and addressing potential vulnerabilities earlier in the software development life cycle. New features and capabilities include the ability to perform code analysis for Kotlin apps for mobile development, which is an early-stage …
Developers are always under pressure to increase code output, but without the proper controls and tooling in place, rushing through the development process can lead to problems down the road. Things like static code analysis (SCA) tools offer a way to verify quality, security, and compliance without adding too much extra time to the process. …
The past year saw a 430% increase in next-generation cyber attacks aimed at actively infiltrating open source software supply chains, according to the 2020 State of the Software Supply Chain report. In the past 12 months, 929 next-generation software supply chain attacks were recorded. By comparison, 216 such attacks were recorded between February 2015 and …
The short answer is never. There, I just saved you enough time that you can go and do the right thing and run SAST and DAST and work on hardening your code, instead of trying to test security into your application. Look, every time a new technology, process, or technique comes along there are some …
A crystal ball presentation on the future of application security at the Gartner Security and Risk Management Summit this year caught the eye of us in the software security space. In case you missed it, the top-line predictions were: By 2022, software composition analysis (SCA) will surpass traditional AST tools (SAST, DAST) as the primary …
If you’re not doing static code analysis (aka static analysis), now is the time to start. Delivering code faster has dubious value if the quality degrades as development cycles shrink. On the other hand, if you’re not doing static code analysis, you’re not alone. Despite the mature age of the tool category, not a lot …
CA Technologies announced its acquisition of software composition analysis specialists SourceClear early this week with aims to incorporate SourceClear’s SaaS-based SCA tool and proprietary vulnerability database with their Veracode cloud platform. “We are excited about what this acquisition means for our customers in terms of increased support for SCA in DevSecOps environments and the ability …