Get remediation guidance on CVE-2022-43945, which contains two vulnerabilities causing buffer handling issues in Linux Kernel NFSD implementation. By: Aleksi Illikainen and Kari Hulkko, Synopsys Cybersecurity Research Center.

GitHub Actions integrates AST capabilities into development workflows and CI/CD pipelines to provide instant, actionable insights into risks. Today, the nature of technology and its accelerated time to market require organizations to extend security practices to development and engineering teams.

Say you are allergic to peanuts. While out to dinner, you order a plate of spaghetti with meatballs. The server lets you know that there are no peanuts in the spaghetti with meatballs. Unfortunately, the server has no knowledge that the onions within the meatballs were fried in peanut oil. The indirect dependency on the peanut oil that was included in the meatballs by way of the fried onions left you vulnerable to an attack.

Understand what steps your organization needs to take now to prepare for the upcoming patch to address OpenSSL’s critical security vulnerability on November 1. Security experts are giving organizations advance disclosure of a critical vulnerability discovered in OpenSSL version 3.0 and above, leaving many to speculate about the potential impact to their organization.

Get a handle on essential software development best practices to achieve compliance and risk reduction before directives take effect.

Imagine you are developing an application – no matter if it’s a web, mobile, or desktop app – and your IDE informs you of security vulnerabilities as you code. The release of Code Sight 2022.9.0 for VS Code and IntelliJ makes that a reality. With Synopsys’ industry-leading static application security testing (SAST) engine powering Code Sight’s Rapid Scan Static, there is no configuration or tuning. It’s actual sophisticated taint flow and not just lint.

Get the most out of your Black Duck open source audit by understanding the report components and next steps you need to take.