Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Synopsys

AppSec Decoded: An introduction to the Synopsys Cybersecurity Research Center | Synopsys

Jonathan Knudsen, head of global research at the Synopsys Cybersecurity Research Center (CyRC), talks with Taylor Armerding, security advocate at Synopsys, about CyRC’s major annual reports, including the “Open Source Software and Risk Analysis” (OSSRA) report, which uses anonymized data from M&A audits to develop a profile of how much open source is in the software ecosystem, how organizations are using it, and whether they’re keeping it up-to-date.

CyRC Vulnerability Analysis: Repo jacking in the software supply chain

Repo jacking is often the first step in a supply chain attack. Learn the security methods and tools used to help protect your organization. In recent months, an increasingly prevalent threat to open source repositories has been observed in the rise of cases of repository hijacking, or repo jacking for short.

AppSec Decoded: Methods and tools for SBOM generation | Synopsys

President Biden’s executive order calls for agencies to buy only software products that have a software Bill of Materials (SBOM). Mike McGuire, security solutions manager at Synopsys, and Taylor Armerding, security advocate at Synopsys, discuss the role SBOMs will play in application security and what tools and methods organizations can leverage to create a comprehensive SBOM.

Introducing IaC Security from Black Duck

Black Duck’s newest release delivers all-new, lightning-fast infrastructure-as-code (IaC) scanning capabilities. The news is just in, and it’s big: Black Duck now offers IaC scanning functionality. With no additional licenses required, this capability is available immediately for all existing Black Duck customers. Let’s dig into exactly what this means for you, how it helps your existing security efforts, and what you can expect in the months to come.

Bridging the security gap in continuous testing and the CI/CD pipeline

Learn why Synopsys earned the highest score for the Continuous Testing Use Case in Gartner’s latest report. Gartner recently released its 2022 “Critical Capabilities for Application Security Testing” (AST) report, and I am delighted to see that Synopsys received the highest score across each of the five Use Cases.

Out-of-band application security with Intelligent Orchestration

Intelligent Orchestration enables security and development teams to implement coordinated DevSecOps workflows with minimal friction. Application security (AppSec) adds an extra layer to software development. The more the process is automated and the more tools are integrated into the continuous delivery/continuous deployment (CI/CD) pipeline, the more challenges organizations face in securing software from end to end (false positives, noise, etc.).