2023 Open Source Security And Risk Analysis Report


The annual “Open Source Security and Risk Analysis” (OSSRA) report, now in its 8th edition, examines vulnerabilities and license conflicts found in roughly 1,700 codebases across 17 industries. The report offers recommendations for security, legal, risk, and development teams to better understand the security and risk landscape accompanying open source development and use. Click here to ... » read more

2023 Open Source Risk In M&A By The Numbers


Learn how an open source audit can reduce your security risk. Here’s what we know: Most of today’s codebases contain open source components. Vulnerabilities and licensing issues in codebases are as pervasive as open source itself. Unpatched software vulnerabilities are one of the biggest cyberthreats organizations face. Failure to comply with open source licenses can put... » read more

Securing Next-Gen 5G And IoT With Defensics Fuzzing


Expansion of the IoT brings new security challenges. The evolution of 5G technologies continues to drive advancement in Internet of Things (IoT) devices and their applications. By 2025, experts predict there will be nearly 4 billion IoT mobile connections in the world, and more than 64 billion IoT devices by 2026. In addition to enabling superior performance and efficiency, 5G expands the ... » read more

2021 Software Vulnerability Snapshot


The Synopsys Cybersecurity Research Center (CyRC) examined anonymized data from thousands of commercial software security tests performed by Synopsys application security testing services in 2020. The CyRC team measured this data against the 2021 OWASP Top 10 list of the most critical security risks to web applications. Key findings in the report include: 97% of tests uncovered vul... » read more

Securing 5G And IoT With Fuzzing


5G will revolutionize many industries, with up to 100 times the speed, 100 times the capacity, and one-tenth the latency compared to 4G LTE. But in addition to providing superior performance, 5G expands the attack surface of apps and IoT devices that rely on this next-gen network. In addition to known security exploits, we’re bound to see unknown, novelty attacks. Fuzz testing (or fuzzing)... » read more

SoC Verification From Pre-Fabrication To The Over-the-Air Update


The recent news of attacks on system infrastructures serves to highlight that hardware vulnerabilities in the supply chain are not only possible but inevitable if proper precautions are ignored. Verification throughout the entire supply chain is necessary to ensure the safety and security of hardware. Starting as early as the pre-fabrication stage, vulnerabilities, if left unchecked, can be an o... » read more

A Glossary For Chip And Semiconductor IP Security And Trust


A significant portion of electronic system vulnerabilities involves hardware. In 2015 the Common Vulnerabilities and Exposures (CVE-MITRE) database recorded 6,488 vulnerabilities. A considerable proportion (43%) can be classified as software-assisted hardware vulnerabilities (see Fig. 1). The discovery of Meltdown and Spectre in January 2018 has sparked a series of investigations into hardware ... » read more

System Bits: March 7


Math picture language. Harvard University researchers recalled that Galileo called mathematics the “language with which God wrote the universe,” as he described a picture-language. Now that language has a new dimension. Arthur Jaffe (left) and Zhengwei Liu are the creators of a new, 3D pictorial language for mathematics. They b... » read more