Topic: synopsys

Synopsys hopes to mitigate upstream risks in software supply chains with new SCA tool

Synopsys has released a new solution to help companies manage upstream risks of software supply chains. Black Duck Supply Chain Edition does software composition analysis (SCA) that makes use of a number of security analysis techniques to determine the components in a piece of software, such as package dependency, CodePrint, snippet, binary, and container analysis.  … continue reading

Synopsys releases fAST Dynamic test solution

Synopsys today released a new application security testing solution, fAST Dynamic, that helps organizations find and remediate security vulnerabilities in today’s modern web applications. According to the company’s announcement, fAST Dynamic is built upon scanning technology Synopsys acquired from WhiteHat Security, and adds on to fAST Static and fAST SCA, which were built into the … continue reading

Report: Security suffering due to a “zombie code” apocalypse

A majority of codebases contain outdated components, or “zombie code,” which can result in unpatched vulnerabilities lingering long after they should have been fixed. According to Synopsys’ Open Source Security and Risk Analysis report, which was released today, 91% of codebases contain components that are at least 10 versions out-of-date. Furthermore, 49% of codebases contain … continue reading

Synopsys Software Risk Manager aims to simplify security and testing strategies

Synopsys is working to make it easier for security teams to align their strategy across different projects, teams, and application security testing (AST) tools. They have released the Synopsys Software Risk Manager, which brings together security testing engines with policy-driven test orchestration and vulnerability management. According to Synopsys, Software Risk Manager allows teams to centrally … continue reading

Cloud-native success requires API security

The complexity of modern cloud-native applications, which often leverage microservices, containers, APIs, infrastructure-as-code and more to enable speed in app development and deployment, can create security headaches for organizations that fail to put practices in place to mitigate vulnerabilities. With dependencies on databases and third-party APIs, and sensitive information and secrets such as certificates and … continue reading

Development today: Short-term benefits, long-term risks.

For all the talk of server and network security, the fact remains that applications are among the main attack vectors leveraged by bad actors. This is so because development teams are focused on delivering new functionality and features as quickly as possible. They are not usually trained in security practices, and often have little desire … continue reading

SBOMs can help ensure software integrity

To secure the software in your supply chain, there’s a lot of hype today about the need for an SBOM (software bill of materials). But what does that really mean for development teams today? BOMs have been used for years by organizations; they are a list of the raw materials, sub-assemblies, intermediate assemblies, sub-components, parts, … continue reading

Asking developers to do security is a risk in itself without training

As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense, because defects, including security defects, can often be addressed faster and … continue reading

SD Times news digest: Tricentis acquires Testim; SmartBear releases Bugsnag updates; TigerGraph to launch “Graph for All Million Dollar Challenge”

Tricentis, an organization focused on test automation for modern cloud and enterprise applications, today announced that it has acquired the AI-based SaaS test automation platform Testim. The combination aims to simplify Tricentis’ test automation, allowing users to more easily create end-to-end tests. “We are very excited to join Tricentis,” said Oren Rubin, founder and … continue reading

Report: Companies prioritize securing open-source components in modern software

The rapid adoption of the cloud has led companies to increasingly secure open-source components in modern software.  The newly released 12th Building Security In Maturity Model (BSIMM12) report found a 61% increase in software security groups’ identification and management of open source over the past two years.  The report was created by Synopsys, a company … continue reading

Reducing friction between dev and app sec teams is key

As developers begin to be responsible for more and more elements beyond just coding, having tools take some of the burden off them will become important. Developers are now expected to become security experts, and while it’s important to know the basics such as how to write secure code, there also becomes a dependence on … continue reading

SD Times news digest: DataRobot to acquire Algorithmia, Synopsys announces Rapid Scan, Thundra announces Foresight CI Observability Tool

DataRobot announced that it’s acquiring the MLOps platform Algorithmia to deepen its capabilities to unlock value from AI through better, faster, frictionless solutions for every part of the modern enterprise. “We understand that businesses cannot get the value of their ML models unless they have the ability to deliver those models quickly, reliably, and at … continue reading
