Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Experts warn of critical security vulnerability discovered in OpenSSL

Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. Security experts are giving organizations advance disclosure of a critical vulnerability discovered in OpenSSL version 3.0 and above, leaving many to speculate about the potential impact to their organization.

Real-time OWASP vulnerabilities as you code with Code Sight and Rapid Scan Static

Imagine you are developing an application – no matter if it’s a web, mobile, or desktop app – and your IDE informs you of security vulnerabilities as you code. The release of Code Sight 2022.9.0 for VS Code and IntelliJ makes that a reality. With Synopsys’ industry-leading static application security testing (SAST) engine powering Code Sight’s Rapid Scan Static, there is no configuration or tuning required. It performs actual sophisticated taint-flow analysis, not just linting.

IDE-based application security for developers in IntelliJ

The Code Sight security plugin, available for IntelliJ, makes IDE-based AppSec testing attainable without breaking established development workflows. It has been decades since application development evolved to include the creation of software for local installation as well as hosted, cloud-based delivery and software as a service (SaaS). This evolution was the first shift in development workflows—and it established a new potential attack vector for software assets in production.

Secure cloud-native apps and APIs at the speed your business demands

Securing cloud-native apps requires advanced tooling. Learn why Synopsys earned the highest score for the cloud-native app use case in Gartner’s latest report. The cloud-native development model has entered the mainstream in recent years, with technologies such as microservices and serverless computing, containers, APIs, and infrastructure-as-code (IaC) at the forefront of this trend.

Commercial software licenses in software due diligence

In a merger and acquisition (M&A) tech transaction where the code is much of the value, acquirers want to ensure that the components used are properly licensed. If they are not, the purchaser might be exposed to legal issues that they will need to address. In 2021, 78% of the code that Synopsys audited was composed of third-party components.

BSIMM13: Trends and recommendations to help improve your software security program

Understanding the latest BSIMM report trends can help you plan strategic improvements to your own security efforts. If you want good advice on how to improve your organization’s software security—and you should—you’ve come to the right place. What makes it even better is that it’s not coming only from us—it’s coming from your peers in your own industry sector.

CyRC Vulnerability Advisory: Denial-of-service vulnerabilities (CVE-2022-39063) in Open5GS

CVE-2022-39063 is a vulnerability in the Open5GS project, an open source implementation of 5G components. The Synopsys Cybersecurity Research Center (CyRC) has exposed a denial-of-service vulnerability in Open5GS. Open5GS is an open source project that provides LTE and 5G mobile packet core network functionalities with an AGPLv3 or commercial license. It can be used to build private LTE/5G telecom networks by individuals or telecom network operators.