|
By Phil Odence
Code snippets copied from copyleft-licensed open source projects represented the biggest risk in software 15 years ago. The Heartbleed vulnerability, discovered in April 2014, brought to the fore concerns about the security of open source components, and license risk took a bit of a back seat. But the problem never went away. Now, the advent of Generative AI as a tool for writing software is shining a new light on the issue.
|
By Debrup Ghosh
IoT devices are ubiquitous in our daily lives—whether it’s at home with connected home automation devices, or at work with connected factories, hospitals, and even connected cars. According to data-gathering and visualization firm Statista, there was an estimated 15.9 billion IoT devices in use in 2023, and that number is expected to climb to more than 32.1 billion in 2030.
|
By Rod Musser
Software applications are becoming more sophisticated every day. As a result, organizations often struggle to manage the complexity and operational costs of securing them.
|
By Mike Lyman
In early March 2024, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released its final Secure Software Development Attestation Form instructions, sparking a renewed urgency around understanding and complying with 31 of the 42 tasks in NIST SP 800-218 Secure Software Development Framework (SSDF) version 1.1.
|
By Patrick Carey
Generative AI has emerged as the next big thing that will transform the way we build software. Its impact will be as significant as open source, mobile devices, cloud computing—indeed, the internet itself. We’re seeing Generative AI’s impacts already, and according to the recent Gartner Hype Cycle for Artificial Intelligence, AI may ultimately be able to automate as much as 30% of the work done by developers.
The Synopsys Cybersecurity Research Center (CyRC) has exposed prompt injection vulnerabilities in the EmailGPT service. EmailGPT is an API service and Google Chrome extension that assists users in writing emails inside Gmail using OpenAI's GPT models. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.
The Synopsys Cybersecurity Research Center (CyRC) has exposed a data poisoning vulnerability in the EmbedAI application. EmbedAI allows users to interact with documents by utilizing the capabilities of large language models (LLMs). This vulnerability could result in an application becoming compromised, leading to unauthorized entries or data poisoning attacks.
|
By Fred Bals
Released by the Ponemon Institute and sponsored by Synopsys, the 2024 “The State of Software Supply Chain Security Risks” report surveys over 1,200 global IT and security practitioners on challenges their organizations face in securing the software supply chain. Here are six key findings from the report every cybersecurity professional should know.
|
By Corey Hamilton
We're excited to announce the availability of Polaris Assist, our AI-powered application security assistant that combines decades of real-world insights with a powerful large language model (LLM). Polaris Assist gives security and development teams easy-to-understand summaries of detected vulnerabilities and code fix recommendations to help them build secure software faster.
|
By Mike McGuire
A necessary step in securing an application is evaluating the supply chain of each component used to create the application—no matter how many hands were involved in its development. If any links in the supply chain are obscured, it can be difficult to confidently assess the amount of risk that an application is susceptible to.
Microsoft and Black Duck DevOps Partnership: Build Secure, High-Quality Software Faster | Black Duck
|
By Synopsys
Building secure, high-quality software is more challenging than ever. The bar is set high for organizations to release new features and functions without compromising the quality or security in the applications they deploy. Organizations are rapidly adopting DevOps tools and methodologies to keep up-with the demands of accelerated software delivery. They are also implementing application security testing earlier in their development workflow to develop and deploy quality code.
|
By Synopsys
DevOps teams are rearchitecting their applications from monoliths to microservices, fueled by containerization and CI/CD. As application development moves to the cloud, security testing tools must follow. Application security testing solutions by Black Duck support the CI/CD tools you already use, including AWS Developer Tools. Coverity static analysis identifies security and quality issues in code as it is being built. To invoke a Coverity scan in AWS CodeBuild, simply add the steps to your application’s build specifications.
|
By Synopsys
In this video, we show you how easy it is to create an open source Software Bill of Materials (SBOMs) using Black Duck SCA. Join us as we demonstrate how to effortlessly generate an SBOM in under 30 seconds, empowering enterprise teams to prioritize SBOM creation. Key Steps.
|
By Synopsys
In this video, we unveil the three fundamental views of Software Composition Analysis (SCA) risk within Black Duck: Security, License, and Operational. Join us as we navigate the landscape of open source components to identify vulnerabilities, license obligations, and component health.
|
By Synopsys
In this video, we take you on a tour through Black Duck’s SCA tool to show you how you can find and select the most high-quality open-source components for your applications.
|
By Synopsys
Explore how Black Duck conducts independent research to issue Black Duck Security Advisories (BDSAs), providing more in-depth vulnerability data related to open source components. Key Insights.
Track and manage open source risk across your application portfolio with Black Duck SCA | Black Duck
|
By Synopsys
Learn how your security teams can take a proactive approach to managing open-source risk using Black Duck Software Composition Analysis (SCA). Join us as we explore the process of analyzing scan results, addressing new CVEs, and prioritizing remediation efforts. Key Highlights: Discover how Black Duck SCA empowers teams to surface, understand, and prioritize findings efficiently, ensuring software security and compliance.
|
By Synopsys
In this video, we unveil the three fundamental views of Software Composition Analysis (SCA) risk within Black Duck: Security, License, and Operational. Join us as we navigate the landscape of open source components to identify vulnerabilities, license obligations, and component health. Key Insights: Explore how Black Duck provides unparalleled visibility into your open-source components, empowering you to make informed decisions regarding vulnerabilities, license compliance, and component health.
|
By Synopsys
Discover how to identify open source components and vulnerabilities in various software binaries including container images, mobile apps, and embedded software with Black Duck Binary Analysis What’s covered?
Track and manage open source risk across your application portfolio with Black Duck SCA | Black Duck
|
By Synopsys
Learn how your security teams can take a proactive approach to managing open-source risk using Black Duck Software Composition Analysis (SCA). Join us as we explore the process of analyzing scan results, addressing new CVEs, and prioritizing remediation efforts. Key Highlights: Discover how Black Duck SCA empowers teams to surface, understand, and prioritize findings efficiently, ensuring software security and compliance.
|
By Synopsys
You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
|
By Synopsys
Open source components are the foundation of every software application in every industry. But, its many benefits can often lead its consumers to overlook how open source affects the security of their application.
|
By Synopsys
More than 11.5 billion records with sensitive information were breached between January 2005 and January 2019 (PrivacyRights.org). If your business stores, processes, or transmits cardholder data, it's imperative that you implement standard security procedures and technologies to prevent the theft of this sensitive information. Start by ensuring you're in compliance with the technical and operational requirements set by the Payment Card Industry Data Security Standard (PCI DSS).
|
By Synopsys
Just like most software assets contain open source, modern software applications commonly link to external web services via APIs. But developers using web services might not have a suitable agreement to do so, and they may be inadvertently signing their companies up to terms of service. This white paper covers the types of risk associated with web services and how they can affect an M&A transaction.
|
By Synopsys
Threat modeling promotes the idea of thinking like an attacker. It enables organization to build software with security considerations, rather than addresssing security as an afterthought. However, there are some very common misconceptions tha can cause firms to lose their grip around the threat modeling process. This eBook shines a light onto the essentials and helps to get your bearings straight with all things related to threat modeling.
|
By Synopsys
Are your developers getting discouraged by too many false positives from security tools that slow them down? You need a solution that boosts their productivity, finds real vulnerabilities, and provides expert remediation guidance. Coverity will help you achieve this and more. Learn how you can assess the ROI of implementing Coverity into your SDLC, quickly build secure applications, and accelerate your software velocity.
- January 2025 (8)
- December 2024 (6)
- November 2024 (1)
- October 2024 (2)
- September 2024 (1)
- July 2024 (4)
- June 2024 (3)
- May 2024 (2)
- April 2024 (14)
- March 2024 (20)
- February 2024 (9)
- January 2024 (11)
- December 2023 (7)
- November 2023 (8)
- October 2023 (17)
- September 2023 (13)
- August 2023 (17)
- July 2023 (12)
- June 2023 (10)
- May 2023 (15)
- April 2023 (23)
- March 2023 (15)
- February 2023 (9)
- January 2023 (14)
- December 2022 (3)
- November 2022 (12)
- October 2022 (11)
- September 2022 (6)
- August 2022 (16)
- July 2022 (13)
- June 2022 (8)
- May 2022 (11)
- April 2022 (11)
- March 2022 (6)
- February 2022 (5)
- January 2022 (7)
- December 2021 (9)
- November 2021 (8)
- October 2021 (8)
- September 2021 (15)
- August 2021 (14)
- July 2021 (14)
- June 2021 (18)
- May 2021 (13)
- April 2021 (11)
- March 2021 (12)
- February 2021 (8)
- January 2021 (10)
- December 2020 (10)
- November 2020 (12)
- October 2020 (13)
- September 2020 (13)
- August 2020 (1)
- July 2020 (7)
- June 2020 (1)
- May 2020 (2)
- February 2020 (1)
- January 2020 (1)
- November 2019 (1)
Synopsys solutions help you manage security and quality risks comprehensively, across your organization and throughout the application life cycle.
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
Build secure, high-quality software faster:
- Integrate security into your DevOps environment: Integrate and automate application security testing with the development and deployment tools you use today.
- Build a holistic AppSec program across your organization: Ensure your people, processes, and technology are aligned to defend against cyber attacks on the software you build and operate.
- Get on-demand security testing for any application: Extend the reach of your application security team with cost-effective security testing by our team of experts.
- Find and fix quality and compliance issues early in development: Maximize software reliability, minimize downstream maintenance headaches, and ensure compliance with industry standards.
- Identify open source, code quality, and security risks during M&A: Avoid surprises that can materially impact the value of software assets your company acquires.
- Assess your AppSec threats, risks, and dependencies: Go beyond security testing to understand likely cyber attack vectors and targets, as well as design flaws that can lead to security breaches.
Any software. Any development model. Any stage. Synopsys has you covered.