There is enormous attention on generative AI (GenAI) and its potential to change software development. While the full impact of GenAI is yet to be known, organizations are eagerly vetting the technology and separating the hype from the real, pragmatic benefits. In parallel, software security professionals are closely watching the practical impact of GenAI and how application security testing (AST) must adapt as adoption increases.

In late 2023, Synopsys released the “Global State of DevSecOps” report. The report explored crucial topics in the realm of DevSecOps and outlined practical approaches for implementing effective, resilient, and scalable application security (AppSec) approaches. These approaches can help organizations strengthen their AppSec programs in 2024.

Now in its ninth edition, the 2024 “Open Source Security and Risk Analysis” (OSSRA) report delivers an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software.

Even as the speed of software development increases, security remains a paramount concern. As organizations strive to keep pace with rapid innovation, they grapple with the dual challenge of maintaining agility while ensuring the security of their software products. Enter AppSec on the Move 2024, a pivotal event that promises to shed light on strategies for improving the return on investment (ROI) of application security (AppSec).

In the ever-evolving landscape of software development, artificial intelligence (AI) is emerging as a transformative force, reshaping the software development lifecycle. While AI use is still not without risk, it's time to reframe the conversation and explore how AI can enhance and streamline various stages of the SDLC. Let’s take a look at how you can strategically incorporate AI in the SDLC and address lingering concerns.

There is a need for a new approach to AppSec—one that handles business risk without obstructing company growth, eliminates the tradeoff between speed and security, and fulfills the DevSecOps promise. Here are four DevSecOps best practices to help your organization realize this vision with an efficient, effective DevSecOps strategy.

Defensics® is the leading fuzz testing solution for discovering unknown vulnerabilities and ensuring system robustness. The tool has been widely adopted across industrial Internet of Things (IoT) and medical devices, as well as telecom network environments to mitigate risks when deploying embedded software. Defensics offers powerful capabilities out of the box for testers to perform protocol testing and hardening checks.

As cloud-native applications continue to proliferate, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they offer. In fact, Gartner predicts that 75% of global organizations are running containerized applications in production. The popularity of containers has also attracted hackers looking for new ways to exploit applications.

The complexity of modern applications (think open source, proprietary and commercial code) makes the management of software supply chain security a business-critical effort. Robust software supply chain security requires a thorough understanding of your organization’s software components - a complete visibility into the makeup of your code - best achieved with a Software Bill of Materials (SBOM).

Synopsys recently introduced static application security testing (SAST) support for the Dart programming language and the Flutter application framework to expand our coverage for mobile development teams that are tasked with delivering secure apps on multiple platforms. This builds on our support of more than 20 programming languages and 200 frameworks, and complements our existing Kotlin, Swift, and React Native support with another option for those focused on secure mobile app development.