Accelerate application code fixes with AI-powered Polaris Assist

Wednesday, May 29, 2024

We’re excited to announce the availability of Polaris Assist, our AI-powered application security assistant that combines decades of real-world insights with a powerful large language model (LLM). Polaris Assist gives security and development teams easy-to-understand summaries of detected vulnerabilities and code fix recommendations to help them build secure software faster. Understanding challenges to developer productivity   …

Building a software Bill of Materials with Black Duck

Wednesday, May 22, 2024

A necessary step in securing an application is evaluating the supply chain of each component used to create the application—no matter how many hands were involved in its development. If any links in the supply chain are obscured, it can be difficult to confidently assess the amount of risk that an application is susceptible to. …

github coverity actions

Mobile app security testing and development at the speed your business demands

Wednesday, January 31, 2024

Synopsys recently introduced static application security testing (SAST) support for the Dart programming language and the Flutter application framework to expand our coverage for mobile development teams that are tasked with delivering secure apps on multiple platforms. This builds on our support of more than 20 programming languages and 200 frameworks, and complements our existing Kotlin, Swift, …

Defensics extends fuzzing capabilities for IoT markets

Wednesday, October 25, 2023

Internet of Things (IoT) devices are becoming ubiquitous, with billions deployed in the world. And threat actors are constantly looking for vulnerabilities in them because, unlike traditional IT devices, once IoT devices with fixed firmware are deployed, it is often impossible to fix problems. That’s why it is critical to thoroughly test the security and …

Eliminate false positives with WhiteHat Dynamic

Wednesday, September 20, 2023

WhiteHat Dynamic helps organizations eliminate false positives. In the digital age, web apps are the engine that powers business. Organizations rely on web apps to run everything from internal team sites and HR portals to external client portals, business interfaces, and shopping carts. But web apps are also where threat actors can attack your business-critical …

Whose IP is it anyway? Introducing Synopsys AI code analysis API

Wednesday, August 16, 2023

With generative AI tools like ChatGPT, GitHub Copilot, and Tabnine flooding the software development space, software developers are quickly adopting these technologies to help automate everyday development tasks. And the use of these AI tools is continuing to expand exponentially, as evidenced by a recent Stack Overflow survey that found an overwhelming 70% of its 89,000 respondents …

Challenges of interoperability in fuzz testing

Wednesday, July 19, 2023

Understanding how to overcome the challenges of interoperability in fuzz testing helps ensure efficient and comprehensive testing results.  In fuzz testing, interoperability means that the system under test (SUT) is in the correct state to receive fuzz test data for efficient and comprehensive testing. Defensics® is a generational, model-based fuzzer that recognizes the protocol that users are …

Software quality: Diligence prep for sellers

Wednesday, July 05, 2023

Due diligence for buyers Every year, thousands of tech companies go through mergers and acquisitions (M&As), with transaction totals reaching billions of dollars. During an M&A transaction the stakes are at their highest, and acquirers must ensure that they are making a solid investment. As part of the process of making a fully informed decision, …

Top open source licenses and legal risk for developers

Wednesday, June 14, 2023

Learn about the top open source licenses used by developers in 2022-23, including the 20 most popular open source licenses, and their legal risk categories. Software supply chain management needs license as well as security compliance If you’re a software developer, you’re probably using open source components and libraries to build software. You know those …

Production-safe DAST: Your secret weapon against threat actors

Wednesday, May 10, 2023

Software powers modern businesses, but these ever-evolving applications and systems can also include vulnerabilities that threat actors can exploit to disrupt, threaten, and steal critical data. But fear not: Robust security processes can mitigate most of these risks and ensure that new features and updates are properly tested. By incorporating dynamic application security testing (DAST) …