Latest Posts

Deep Dive: 2023 Global State of DevSecOps Report

Aimed at examining the strategies, tools, and practices impacting software security, the just-released “Global State of DevSecOps 2023” report from Synopsys is based on a survey conducted by Censuswide polling more than 1,000 IT professionals across the world. The following is a deep dive into key report findings.

Preparing for critical libcurl and curl vulnerabilities (CVE-2023-38545)

The maintainer and original author of curl, Daniel Stenberg, has taken to X (formerly Twitter) and LinkedIn to sound the alarm on what he refers to as “probably the worst security problem found in curl in a long time.” According to project maintainers, the fixed version, 8.4.0, is set to be released on Wednesday, October 11.

XML external entity injection vulnerability in OpenNMS

OpenNMS is an open source network monitoring platform written in Java. The OpenNMS platform monitors some of the largest networks in the Fortune 500, covering the healthcare, technology, energy, finance, government, education, retail, and industrial sectors, many with tens of thousands of networked devices.

Integrations to elevate your DevSecOps program

In this blog series, we’ve covered how AppSec integrations can enable a more secure SDLC, avoiding pitfalls when integrating AppSec for DevOps, and how to use integrations to automate security risk information collection and delivery. So let’s wrap up this series by taking a look at how an integrated DevSecOps program can help future-proof your AppSec program.

From diligence to integration: How software audits inform post-close M&A strategies

Software due diligence is an all-important aspect of any merger and acquisition (M&A) transaction, and in the tech M&A world, a target’s software assets are a significant part of the valuation. This due diligence process should identify a target company’s open source license obligations, application security and code quality risks, and the organization, processes, and practices that compose the software development life cycle.

Defensics extends fuzzing capabilities for IoT markets

Internet of Things (IoT) devices are becoming ubiquitous, with billions deployed in the world. And threat actors are constantly looking for vulnerabilities in them because, unlike traditional IT devices, once IoT devices with fixed firmware are deployed, it is often impossible to fix problems. That’s why it is critical to thoroughly test the security and resilience of IoT devices before deployment, using the same methods that hackers use.

Forrester recognizes Synopsys as a Leader in static application security testing

Synopsys received the second-highest score in the Current Offering category, and tied for the second-highest scores in the Strategy and Market Presence categories. This week, Synopsys was named a Leader in “The Forrester Wave™: Static Application Security Testing, Q3, 2023,” based on its evaluation of Coverity®, our static application security testing (SAST) solution.

Automate security: DevOps integrations for risk detection and remediation

One of the most critical aspects of software development is ensuring that the applications you create are secure and reliable. As the pace of development and deployment continues to increase, manual testing and security checks are no longer sufficient to keep up with the pace.

National Coding Week: Closing the skills gap with secure code training

Want to know the best way to make sure you can get a good job with good pay? Choose a field where the demand for workers exceeds the supply. Welcome to computer coding. While estimates of a skilled worker shortage vary, most put it somewhere in the dozens of millions worldwide. And it’s the catalyst for National Coding Week (NCW), which runs September 14-20. The event, launched in 2014 in the U.K.

How to safeguard your AI ecosystem: The imperative of AI/ML security assessments

The widespread use of artificial intelligence (AI) and machine learning (ML) introduces its own security challenges; an AI/ML security assessment can help. AI and ML provide many benefits to modern organizations; however, with their widespread use come significant security challenges. This article explores the vital role of AI/ML security assessments in unearthing potential vulnerabilities, from lax data protection measures to weak access controls and more.