Latest Posts

Mergers and acquisitions insurance

Evaluating risk is paramount in any software transaction. In the realm of mergers and acquisitions (M&As), a thorough risk assessment is essential to identify a target company’s potential pitfalls, financial liabilities, and legal obligations. The analysis of such risks is pivotal for informed decision-making, ensuring that acquirers are aware of the risks they may inherit. For insurers, risk evaluation is fundamental to establishing coverage limitations and pricing uninsurable risks appropriately.

CyRC Vulnerability Advisory: CVE-2023-51448 Blind SQL Injection in SNMP Notification Receivers

The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-51448, a blind SQL injection (SQLi) vulnerability in Cacti. Cacti is a performance and fault management framework written in PHP. It uses a variety of data collection methods to populate an RRDTool-based time series database (TSDB) with performance data, and offers a web user interface to view this performance data in graphs. Cacti is easily extensible for custom needs via its plugin system.

DevSecOps practices to maintain developer velocity

By introducing a culture of security into DevOps environments, DevSecOps is designed to address security risks early and consistently. According to the SANS 2023 DevSecOps survey, DevSecOps is a business-critical practice and risk management concern in all organizations focused on software development.

Consolidating effort for enhanced application security

Navigating the complexities of modern application security presents a formidable challenge for organizations. The multitude of security tools and the effort required to implement and maintain them often create a tangled web of processes, which can result in inconsistent implementations, resource inefficiencies, and a fractured view of risk. Enterprise organizations can have hundreds of developers spread across multiple business units.

Making intelligent tradeoffs in software due diligence

Engineers tend to see the world in terms of tradeoffs. Certainly, successful product or solution design requires a clear understanding of the problem to be solved and the associated constraints, and then making informed tradeoffs to solve the problem within the constraints. Tradeoff thinking also applies to successful software due diligence.

Demystifying CVSS Scoring

The Common Vulnerability Scoring System (CVSS) can help you navigate the constantly growing ocean of open source vulnerabilities. But it’s difficult to lend your trust and put the security of your organization and your customers into the hands of a system that you may know very little about. Let’s take a closer look at the CVSS to see what it’s all about.

Synopsys named as a Customers' Choice in the 2023 Gartner Peer Insights Voice of the Customer for Application Security Testing

Synopsys is proud to announce that we have been recognized as a Customers’ Choice vendor in the 2023 Voice of the Customer for Application Security Testing on Gartner® Peer Insights™. This distinction is a recognition of vendors in this market based on feedback and ratings from 59 verified end users of our product as of October 2023. Overall, Synopsys reviewers gave us a 4.6 out of 5, with 90% saying they would recommend our product.

BSIMM14: Trends and recommendations to help improve your software security program

The latest BSIMM report, now in its 14th iteration, contains information from more than 130 companies in eight verticals about what’s working, what isn’t, what’s changing about the risks and threat landscapes they’re facing, and how they’re responding to those changes. This annual report by the Synopsys Software Integrity Group helps organizations maximize the benefits and minimize the pain of a world run by software.

Shifting everywhere: The importance of continuous testing in the software development life cycle

“Shifting left” is the philosophy of pushing security testing as early as possible in the development process. When the idea was first popularized, the only viable tool-based option was to run static analysis during coding, and then perform penetration testing before the application went live. Today “shifting everywhere” means automated, continuous testing throughout the software life cycle.

Consolidate insight to enhance risk management

As the digital revolution has unfolded, the dramatic increase in the amount of code written, borrowed, and bought means that the attack surface has also increased dramatically. Software proliferation creates challenges for teams that must keep up with innovation while also securing their software.