Dec 8, 2021   |  By Synopsys Editorial Team
Tim Mackey talks about his journey working in cybersecurity, today’s cyberthreat landscape, and how the industry is evolving.
Dec 7, 2021   |  By Scott Tolley
Broken authentication and local file inclusion leads to information disclosure and remote code execution in the GOautodial API.
Nov 29, 2021   |  By Boris Cipot
Python is a valuable programming language, but using it without proper security best practices puts applications at risk of an attack. Python is a fast, platform-agnostic, and easy-to-learn programming language that is suited for beginners and experienced developers alike. Ever since its first release in 1991, Python has had a constant presence in the computer world and has become a go-to language thanks to its easy-to-understand code and versatility.
Nov 22, 2021   |  By Chai Bhat
BSIMM12 reports increased attention on software security due to recent supply chain disruptions. Get recommendations for managing supply chain risks. As the global pandemic disrupted the way business is conducted, the workforce became more dispersed and moved far from the traditional secure enterprise environments.
Nov 17, 2021   |  By Rapid Scan Static Team
Protect your organization from the Trojan Source exploit with fast and trusted vulnerability detection from Rapid Scan Static. As everyone in the industry knows, all software vulnerabilities are not equal—some are trivial, some are irrelevant, and some are severe. Obviously, you should focus your attention on those that are characterized as severe. The recently published Trojan Source (CVE 2021-42574) vulnerability falls into the severe category—meaning you should give it full attention.
Nov 16, 2021   |  By Fred Bals
The 2021 Software Vulnerability Snapshot report uncovers the issues impacting web and mobile apps and what AppSec tools and activities can minimize risks. One of the most compelling reasons organizations use third-party application security testing is to extend their own software security testing capability when circumstances make adding new resources problematic. That’s certainly the case in today’s pandemic environment.
Nov 11, 2021   |  By Jonathan Knudsen
A vulnerability was discovered in the named DNS server implementation contained in the development branch builds of BIND 9. This is a story of catastrophe averted. It’s a case study for the value of fuzzing in software development. Synopsys Cybersecurity Research Center (CyRC) researchers discovered a denial-of-service vulnerability in development branch builds of BIND 9 by Internet Systems Consortium (ISC).
Nov 1, 2021   |  By Ashutosh Rana
Need to build a logging and monitoring solution and unsure where to begin? Get started with our logging and monitoring best practices guide. By: Nivedita Murthy, senior security consultant, and Ashutosh Rana, senior security consultant, at Synopsys.
Oct 25, 2021   |  By Jonathan Knudsen
Over seven years later, the Heartbleed vulnerability still offers important lessons in application security. Heartbleed is a serious vulnerability discovered in the openssl open source software component in April 2014. This article is a deep dive on Heartbleed and its broader implications for application security.
Oct 18, 2021   |  By Hugues Martin
If you’ve reached this page, you’re probably familiar with Spring and its basic mechanisms already. From its inception in 2002, Spring has become one of the dominant frameworks to build any kind of web application in Java. Web applications usually are the biggest interface between a company and its users—both internal and external. When security is neglected at the developer level, applications can become very desirable targets to hackers.
Nov 24, 2021   |  By Synopsys
In this episode of AppSec Decoded featuring Sammy Migues, principal scientist at Synopsys and coauthor of the BSIMM report, and Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), we discuss why the software supply chain is an inviting target for hackers and how companies can implement a proactive approach to software supply chain security with security activities that won’t slow down innovation.
Nov 16, 2021   |  By Synopsys
Digital transformation is reshaping the way organizations operate. Whether you’re one of the thousands of companies that sell software, or one of the millions that use software to run your business, your ability to innovate and deliver value to your customers is powered by secure, reliable software. See why trust matters with Synopsys.
Nov 4, 2021   |  By Synopsys
We’ve been briefing private equity investment professionals on how software is developed today and the risks it creates in the software. Understanding issues in the code allows investors to ensure that deal terms fairly allocate risk and to allow for addressing in forward-looking plans. Watch the video to learn about the legal, security, and quality software risks to look for during a software due diligence and the approaches for managing those risks.
Nov 3, 2021   |  By Synopsys

Learn more about Synopsys Software Integrity:

Oct 28, 2021   |  By Synopsys
Biden’s executive order (EO), announced earlier this spring, outlines cyber security standards and best practices that will apply to federal departments, agencies, and their technology suppliers. Although the EO’s goal is to secure the U.S. government, implications are expected to be broader and could be adopted by the commercial sector. We spoke with Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), to learn how Biden’s EO differs from prior EOs and why it should be on everyone’s radar.
Sep 23, 2021   |  By Synopsys
In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center, to learn what proactive steps both technology suppliers and buyers should consider in the wake of the new E.O.
Sep 21, 2021   |  By Synopsys
BSIMM helps organizations plan, implement, and measure their software security initiatives. A BSIMM assessment provides an objective, data-driven evaluation that leaders seeking to improve their security postures can use to base decisions about resources, time, budget, and priorities.
Aug 30, 2021   |  By Synopsys
In this episode of AppSec Decoded, we spoke with Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center (CyRC), to learn about the open source trends found in the 2021 "Open Source and Risk Analysis" (OSSRA) report.
Aug 12, 2021   |  By Synopsys
In any business today there comes a moment. The moment you realize… You can secure the code as fast as you write it. Instead of testing everything, you could just test the right things. It’s not about tools but intelligent risk management. That’s the moment you choose Synopsys. Build secure, high quality software faster.
Aug 9, 2021   |  By Synopsys
Coverity Rapid Scan for Developers and DevOps Managers at Black Hat 2021.
Oct 14, 2020   |  By Synopsys
You've realized you need to do a better job of tracking and managing your open source as well as the vulnerabilities and licenses associated with it. How hard can vulnerability management be? Do you really need special tools? After all, the license and vulnerability information is publicly available. Once you get a list of open source components and do some Google searching, you should be all set, right?
Oct 14, 2020   |  By Synopsys
Open source components are the foundation of every software application in every industry. But, its many benefits can often lead its consumers to overlook how open source affects the security of their application.
Oct 1, 2020   |  By Synopsys
Just like most software assets contain open source, modern software applications commonly link to external web services via APIs. But developers using web services might not have a suitable agreement to do so, and they may be inadvertently signing their companies up to terms of service. This white paper covers the types of risk associated with web services and how they can affect an M&A transaction.
Oct 1, 2020   |  By Synopsys
More than 11.5 billion records with sensitive information were breached between January 2005 and January 2019 ( If your business stores, processes, or transmits cardholder data, it's imperative that you implement standard security procedures and technologies to prevent the theft of this sensitive information. Start by ensuring you're in compliance with the technical and operational requirements set by the Payment Card Industry Data Security Standard (PCI DSS).
Sep 1, 2020   |  By Synopsys
Threat modeling promotes the idea of thinking like an attacker. It enables organization to build software with security considerations, rather than addresssing security as an afterthought. However, there are some very common misconceptions tha can cause firms to lose their grip around the threat modeling process. This eBook shines a light onto the essentials and helps to get your bearings straight with all things related to threat modeling.
Sep 1, 2020   |  By Synopsys
Are your developers getting discouraged by too many false positives from security tools that slow them down? You need a solution that boosts their productivity, finds real vulnerabilities, and provides expert remediation guidance. Coverity will help you achieve this and more. Learn how you can assess the ROI of implementing Coverity into your SDLC, quickly build secure applications, and accelerate your software velocity.

Synopsys solutions help you manage security and quality risks comprehensively, across your organization and throughout the application life cycle.

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in static analysis, software composition analysis, and application security testing, is uniquely positioned to apply best practices across proprietary code, open source, and the runtime environment. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.

Build secure, high-quality software faster:

  • Integrate security into your DevOps environment: Integrate and automate application security testing with the development and deployment tools you use today.
  • Build a holistic AppSec program across your organization: Ensure your people, processes, and technology are aligned to defend against cyber attacks on the software you build and operate.
  • Get on-demand security testing for any application: Extend the reach of your application security team with cost-effective security testing by our team of experts.
  • Find and fix quality and compliance issues early in development: Maximize software reliability, minimize downstream maintenance headaches, and ensure compliance with industry standards.
  • Identify open source, code quality, and security risks during M&A: Avoid surprises that can materially impact the value of software assets your company acquires.
  • Assess your AppSec threats, risks, and dependencies: Go beyond security testing to understand likely cyber attack vectors and targets, as well as design flaws that can lead to security breaches.

Any software. Any development model. Any stage. Synopsys has you covered.