How To Build A Rock-Solid Software Security Initiative


Application security testing is the starting block, not the finish line. While a critical component of every security program, the “penetrate and patch” approach is not a strategy. You need a complete program to lower risk exposure, measure progress, and demonstrate results. The most effective AppSec programs—or software security initiatives—are fine-tuned to their respective organiz...

2021 Software Vulnerability Snapshot


The Synopsys Cybersecurity Research Center (CyRC) examined anonymized data from thousands of commercial software security tests performed by Synopsys application security testing services in 2020. The CyRC team measured this data against the 2021 OWASP Top 10 list of the most critical security risks to web applications. Key findings in the report include: 97% of tests uncovered vul...

The 5 Essential Elements Of A Successful Software Security Initiative


Every organization that develops or integrates software needs a software security initiative—a blend of people, processes and tools that ensures applications and the data they process are secure. As customers, regulators, executives and boards of directors start asking for evidence of a formal approach to software security, organizations are trying to determine where to start, how to construc...

When It Makes Sense To Perform An Open Source Audit


Today's software is not created so much as assembled. The parts that serve as ingredients come from a variety of sources, but mostly from the millions of open source components freely available on the internet. This has enabled a digital transformation in several industries, helping market leaders speed their time to market, lower costs, and improve innovation. But what are the licensing and...

10 Things You Ought To Know Before You Benchmark Your Software Security Program


Benchmarking can help you get a new software security initiative off the ground or better navigate an existing one. It is different from other measurement techniques because it focuses on excellence, includes detailed comparisons, and pools confidential information among numerous organizations. To get you started in the right direction, we’ve put together some quick tips so you get the mos...

Why It’s So Hard To Stop Cyber Attacks On ICs


Semiconductor Engineering sat down to discuss security risks across multiple market segments with Helena Handschuh, security technologies fellow at Rambus; Mike Borza, principal security technologist for the Solutions Group at Synopsys; Steve Carlson, director of aerospace and defense solutions at Cadence; Alric Althoff, senior hardware security engineer at Tortuga Logic; and Joe Kiniry, princi...

Effective Configuration Of Security Tools


To do a job well, you need the right tools. But it’s just as important—perhaps even more so—to use those tools correctly. A hammer will make things worse in your construction project if you’re trying to use it as a screwdriver or a drill. The same is true in software development. The intricacies of coding and the fact that it’s done by humans means that throughout the software deve...

Securing The Modern Vehicle


For far too long, we’ve lacked the data needed to fully understand how effective the automotive industry is at addressing the software security risks inherent in connected, software-enabled vehicles. Synopsys and SAE International partnered to commission this independent survey of the current cybersecurity practices in the automotive industry to fill this information gap.