Latest Posts

Top 4 software development methodologies

Successful software projects are managed well. To manage a project efficiently, the manager or development team must choose the software development methodology that will work best for the project at hand. All methodologies have different strengths and weaknesses and exist for different reasons. Here’s an overview of the most commonly used software development methodologies and why different methodologies exist.

CyRC Vulnerability Advisory: CVE-2023-7060 Missing Security Control in Zephyr OS IP Packet Handling

The Synopsys Cybersecurity Research Center (CyRC) has identified problems in Zephyr OS related to protecting against internet protocol (IP) address spoofing attacks. Zephyr OS is a popular real-time operating system used in connected, resource-constrained systems like Internet of Things and embedded devices. It is highly customizable and supports multiple architectures, systems-on-a-chip, and boards, making it useful for a wide range of applications.

Introducing fAST Dynamic: Streamlining dynamic application security testing

Today, we're excited to announce the availability of fAST Dynamic, the latest offering on the Polaris Software Integrity Platform®. As web applications become more complex, so too does the task of testing them for security issues at the pace of modern development pipelines. Polaris fAST Dynamic simplifies dynamic application security testing (DAST) for modern web applications, while also making it faster and easier for the teams developing them.

2024 OSSRA report: Open source license compliance remains problematic

Based on the audit data presented in the 2024 “Open Source Security and Risk Analysis” (OSSRA) report, organizations in all verticals should be concerned about the potential risk of litigation or threat to their intellectual property rights due to failure to comply with an open source license. The report’s findings show that over half—53%—of the 2023 audited codebases contained open source with license conflicts.

Considerations before moving away from native apps

To some, native applications are rudimentary. Why write an application specific to one platform when you can build one that is cross-platform compatible? After all, expanding the user base is one of the most fundamental objectives for software development teams. Doing this quickly with the current “build apps for any screen” approach is the obvious choice.

Attesting to secure software development practices

It’s been almost three years since President Biden issued Executive Order 14028, and while we’ve heard vendors talk about “compliance with EO 14028” for about that long, the reality is that industry hasn’t had anything to comply with—until now. On March 11, CISA published the Secure Software Development Attestation Form as part of its obligations under OMB memo M-22-18 and the successor OMB memo M-23-16.

2024 OSSRA Report: Dead code risk in open source components

Highlighting the critical need for improved maintenance practices among users of open source software, the new 2024 “Open Source Security and Risk Analysis” (OSSRA) report catalogs security concerns caused by the significant lag many organizations have in keeping the open source components they use up-to-date.

Synopsys and GenAI

There is enormous attention on generative AI (GenAI) and its potential to change software development. While the full impact of GenAI is yet to be known, organizations are eagerly vetting the technology and separating the hype from the real, pragmatic benefits. In parallel, software security professionals are closely watching the practical impact of GenAI and how application security testing (AST) must adapt as adoption increases.

The Synopsys integrated DevSecOps playbook: Steps for successful DevSecOps

In late 2023, Synopsys released the “Global State of DevSecOps” report. The report explored crucial topics in the realm of DevSecOps and outlined practical approaches for implementing effective, resilient, and scalable application security (AppSec) approaches. These approaches can help organizations strengthen their AppSec programs in 2024.