Defensics extends fuzzing capabilities for IoT markets

Wednesday, October 25, 2023

Internet of Things (IoT) devices are becoming ubiquitous, with billions deployed in the world. And threat actors are constantly looking for vulnerabilities in them because, unlike traditional IT devices, once IoT devices with fixed firmware are deployed, it is often impossible to fix problems. That’s why it is critical to thoroughly test the security and …

Eliminate false positives with WhiteHat Dynamic

Wednesday, September 20, 2023

WhiteHat Dynamic helps organizations eliminate false positives. In the digital age, web apps are the engine that powers business. Organizations rely on web apps to run everything from internal team sites and HR portals to external client portals, business interfaces, and shopping carts. But web apps are also where threat actors can attack your business-critical …

Whose IP is it anyway? Introducing Synopsys AI code analysis API

Wednesday, August 16, 2023

With generative AI tools like ChatGPT, GitHub Copilot, and Tabnine flooding the software development space, software developers are quickly adopting these technologies to help automate everyday development tasks. And the use of these AI tools is continuing to expand exponentially, as evidenced by a recent Stack Overflow survey that found an overwhelming 70% of its 89,000 respondents …

Challenges of interoperability in fuzz testing

Wednesday, July 19, 2023

Understanding how to overcome the challenges of interoperability in fuzz testing helps ensure efficient and comprehensive testing results. In fuzz testing, interoperability means that the system under test (SUT) is in the correct state to receive fuzz test data for efficient and comprehensive testing. Defensics® is a generational, model-based fuzzer that recognizes the protocol that users are …

Software quality: Diligence prep for sellers

Wednesday, July 05, 2023

Due diligence for buyers: Every year, thousands of tech companies go through mergers and acquisitions (M&As), with transaction totals reaching billions of dollars. During an M&A transaction the stakes are at their highest, and acquirers must ensure that they are making a solid investment. As part of the process of making a fully informed decision, …

Top open source licenses and legal risk for developers

Wednesday, June 14, 2023

Learn about the top open source licenses used by developers in 2022-23, including the 20 most popular open source licenses, and their legal risk categories. Software supply chain management needs license as well as security compliance: If you’re a software developer, you’re probably using open source components and libraries to build software. You know those …

Production-safe DAST: Your secret weapon against threat actors

Wednesday, May 10, 2023

Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested. By incorporating dynamic application security testing (DAST) …

2023 OSSRA: A deep dive into open source trends

Wednesday, April 12, 2023

Open source is everywhere, as is the need to properly manage it. Get the latest open source trends from the 2023 OSSRA report. It’s that time of year again: Now in its 8th edition, the Synopsys “Open Source Security and Risk Analysis” (OSSRA) report launched earlier this week. This year’s report, produced by the Synopsys Cybersecurity Research Center (CyRC), …

Software risks and technical debt: The role of process in determining good software

Wednesday, March 15, 2023

Understanding how software is developed and the areas impacted by technical debt can help lawyers and investors assess software risks during an M&A. Insight into how software is developed and what kinds of issues can lurk in a codebase enables businesspeople and lawyers to better understand software risks and how to mitigate them. Disciplined development …

OWASP Top 10: Broken access control

Wednesday, February 15, 2023

Listed as #1 on the OWASP Top 10 list, broken access control is when an attacker can gain unauthorized access to restricted information or systems. Access control ensures that people can only gain access to things they’re supposed to have access to. When access control is broken, an attacker can obtain unauthorized access to information …