Find out what our audit services team unearthed in the 2,400+ codebases we reviewed in 2021. Spoiler alert: In 2021, audits found open source in 100% of our customer engagements. Regular readers know that Synopsys recently published the seventh edition of the “Open Source Security and Risk Assessment” (OSSRA) report. We think it provides the best information available about usage of open source in the wild, and the frequency of open source risks.

The curl vulnerability shows how we produced timely information by combing through source code commits in open source projects.

The OWASP API Security Top 10 list highlights the most critical API security risks to web applications. Shifting security left means that API security can’t be left only to security teams. Developers need to be on top of potential vulnerabilities and remediate them as they develop. Building security into DevOps means we need to be thinking about how to deliver secure, high-quality code at velocity. Having some basic API security info under your belt will help.

Each month we highlight research from the Black Duck Security Research team in Belfast. This month’s vulnerability followed an unusual path through more than half a decade.

As we celebrate the first anniversary of Rapid Scan Static, we look back at the growth of our new SAST engine. In June 2021, Synopsys officially released Rapid Scan Static, a feature of Code Sight™ SE and Coverity® by Synopsys and powered by the Sigma scan engine. Rapid Scan Static reduces the noise and friction for developers by providing fast results that enable them to take action earlier in the software development life cycle (SDLC).

Building trust in your software is important, but software trust is even more important in M&A transactions. The Black Duck® Audit team is part of the Synopsys Software Integrity Group. And Synopsys is all about trust. The Synopsys mission is to help you build trust in your software. There is nothing better than a good night’s sleep. And with the importance of software to almost every business today, concern about software risk can negatively impact your slumber.

The acquisition of WhiteHat Security, the leading the DAST solution provider, is a step toward a more comprehensive, end-to-end portfolio for AppSec. Today, Synopsys closed the acquisition of WhiteHat Security, an application security pioneer and market-segment leading provider of dynamic application security testing (DAST) solutions.

Mitigating the risks associated with complex enterprise applications requires securing every component at every stage of the life cycle.

If you’re selling to the federal government, you need to take a closer look at your supply chain risk management process. The software supply chain is, as most of us know by now, both a blessing and a curse.

The 2022 Gartner® Critical Capabilities for Application Security Testing report provides useful guidance for teams wanting to build an AppSec program optimized for their business needs. There are two cars in my driveway right now. One was built in 1978, and what’s great about it is how easy it is to work on. It’s a simple vehicle, and most repairs can be performed with only a half-dozen tools: two screwdrivers, three wrenches, and a hammer (you always need a hammer).