As the pace and complexity of software development increases, organizations are looking for ways to improve the performance and effectiveness of their application security testing, including “shifting left” by integrating security testing directly into developer tools and workflows. This makes a lot of sense. Defects, including security defects, can often be addressed faster and more cost-effectively if they are caught early.

Learn more about CVE-2021-4034, a newly discovered vulnerability in PolKit software used in major Linux distributions.

A managed services partner should do more than run the tests you choose. The right partner will work with you to shape your application security program. If your firm has attempted to hire internal security experts lately, you know they’re few and far between.

Unique open source licenses provide amusement for developers but they create extra work for legal teams overseeing a company’s IP. Several of my open source friends had the same reaction when they heard of the death of Bob Saget. Sadly, the actor/comedian passed away last week at a relatively young age, and with him went an increment of open source license risk. Wait… what?

Learn about the five cryptography best practices every developer should follow to secure their applications. Cryptography is a huge subject with dedicated experts, but that doesn’t mean developers can leave it entirely to their security teams. Building security into DevOps means you need to understand how to deliver secure, high-quality code at velocity. Having some basic cryptography under your belt will help.

Code Dx was recognized for its leadership in application security development. Learn how Code Dx helps to build trust in your software. Synopsys is proud to announce that Code Dx® has won the 2021 CybersecAsia Reader’s Choice Award for Best in Application Development Security.

Similar to a home inspection, M&A software due diligence helps organizations assess the risk of an investment. When a company buys another company, the due diligence process is analogous to a home inspection during a real estate transaction. A buyer sees only so much when they tour a home—enough to know they like it and to assess the value, but not enough identify hidden problems that might devalue the property. An in-depth assessment requires time and expertise.

To paraphrase the familiar yuletide song, in the world of IT this is “the most speculative time of the year.” True, tying predictions to the regular calendar may be a bit out of sync for much of the business and government world—the federal fiscal year begins on Oct. 1, and here at Synopsys we say Happy First Quarter on Nov. 1. But we all still celebrate the new year on New Year’s Day.

At midnight last Thursday, we experienced one of the most notable infosec events in years. A new zero-day exploit in a popular logging package for Java, Log4j, was discovered. The exact origin and timeline are still being investigated, but it’s important to note that this was not just a vulnerability announcement. The information disclosed was rapidly followed by fully functional exploit code—and the exploit itself turned out to be trivial to execute.

Effective software supply chain risk management requires security measures throughout the entire supply chain. Risk management is a well-understood part of business. Personified, risk management would be a dusty, gray man with a gray beard who asks questions that make you uncomfortable. Risk management is about understanding threats to your business and figuring out how you will deal with them.