Synopsys has released a new solution to help companies manage upstream risks of software supply chains. Black Duck Supply Chain Edition does software composition analysis (SCA) that makes use of a number of security analysis techniques to determine the components in a piece of software, such as package dependency, CodePrint, snippet, binary, and container analysis. …
Synopsys today released a new application security testing solution, fAST Dynamic, that helps organizations find and remediate security vulnerabilities in today’s modern web applications. According to the company’s announcement, fAST Dynamic is built upon scanning technology Synopsys acquired from WhiteHat Security, and adds on to fAST Static and fAST SCA, which were built into the …
A majority of codebases contain outdated components, or “zombie code,” which can result in unpatched vulnerabilities lingering long after they should have been fixed. According to Synopsys’ Open Source Security and Risk Analysis report, which was released today, 91% of codebases contain components that are at least 10 versions out-of-date. Furthermore, 49% of codebases contain …
Synopsys is working to make it easier for security teams to align their strategy across different projects, teams, and application security testing (AST) tools. They have released the Synopsys Software Risk Manager, which brings together security testing engines with policy-driven test orchestration and vulnerability management. According to Synopsys, Software Risk Manager allows teams to centrally …
The complexity of modern cloud-native applications, which often leverage microservices, containers, APIs, infrastructure-as-code and more to enable speed in app development and deployment, can create security headaches for organizations that fail to put practices in place to mitigate vulnerabilities. With dependencies on databases and third-party APIs, and sensitive information and secrets such as certificates and …
For all the talk of server and network security, the fact remains that applications are among the main attack vectors leveraged by bad actors. This is so because development teams are focused on delivering new functionality and features as quickly as possible. They are not usually trained in security practices, and often have little desire …
To secure the software in your supply chain, there’s a lot of hype today about the need for an SBOM (software bill of materials). But what does that really mean for development teams today? BOMs have been used for years by organizations; they are a list of the raw materials, sub-assemblies, intermediate assemblies, sub-components, parts, …
As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and …
Tricentis, an organization focused on test automation for modern cloud and enterprise applications, today announced that it has acquired the AI-based SaaS test automation platform, Testim. This combination is aimed at simplifying Tricentis’ test automation, allowing users to more easily create end-to-end tests. “We are very excited to join Tricentis,” said Oren Rubin, founder and …
The rapid adoption of the cloud has led companies to increasingly secure open-source components in modern software. The newly released 12th Building Security In Maturity Model (BSIMM12) report found a 61% increase in software security groups’ identification and management of open source over the past two years. The report was created by Synopsys, a company …
As developers begin to be responsible for more and more elements beyond just coding, having tools take some of the burden off them will become important. Developers are now expected to become security experts, and while it’s important to know the basics such as how to write secure code, there also becomes a dependence on …
DataRobot announced that it’s acquiring the MLOps platform Algorithmia to deepen its capabilities to unlock value from AI through better, faster, frictionless solutions for every part of the modern enterprise. “We understand that businesses cannot get the value of their ML models unless they have the ability to deliver those models quickly, reliably, and at …