Software Integrity

Archive for September 2016

New Study Finds Static Analysis and Fuzz Testing From Synopsys Can Save Millions In Remediation Costs

By integrating testing early in the software development lifecycle, organizations may realize a high ROI. Earlier this year, Synopsys commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) case study for an organization deploying Coverity, a static code analysis solution, and Defensics, an intelligent fuzzing solution. The goal of Forrester’s independent TEI study was […]

Posted in Seeker

Protecode SC Scans Over One Million Applications

On Tuesday, Protecode SC, the online software composition analysis product from Synopsys, scanned its one millionth customer-submitted app. “This is a significant milestone,” said David Chartier, VP of Marketing, Synopsys Software Integrity Group. “This is a strong showing of scalability and widespread adoption of Protecode SC and of its ability to meet the demands […]

Posted in Seeker

The Digital Doctors Are In – Are You Covered?

Following recent vulnerabilities disclosed in medical devices, a panel of experts discussed current remediation efforts and steps toward developing industry best practices. On the CodenomiCON 2016 panel “The Digital Doctors Are In – Are You Covered?”, moderated by Chenxi Wang, Chief Strategy Officer at Twistlock, security experts debated the challenges facing the healthcare and medical […]

Posted in Medical Device Security

AAMI TIR57 Recognized By The FDA As A Foundational Cybersecurity Standard For Medical Devices

It took a few years to make it happen, but the AAMI TIR57 “Principles for medical device security – Risk management” standard was finally published by AAMI this summer, and the FDA formally recognized it as a foundational standard less than a month after it came out. It really is no surprise that the FDA […]

Posted in Medical Device Security

Cyber Supply Chain Risks Identified at CodenomiCON 2016

Experts from UL, government, and industry have established programs that help organizations mitigate risks from exploitable software in their cyber supply chain. On the CodenomiCON 2016 panel “Mitigating Software Supply Chain Risks – Gaining Trust of Software in Cyber Assets”, moderated by Joe Jarzombek, Global Manager for Software Supply Chain Management for the Synopsys Software […]

Posted in Government Security

5 Questions to Ask Yourself When Deciding on the Best Static Code Analysis Tool

Buying a house is interesting because it forces you to take a look at everything that you may have taken for granted and ignored. Recently, while I was packing my tools in preparation for a move, I realized that I have eight different hammers in my toolbox. Each hammer serves a different purpose and not […]

Posted in Open Source Security, Software Security Testing, Software Testing Optimization, Static Analysis (SAST)

Why There Are At Least 6,000 Vulnerabilities Without CVE IDs

A new investigation suggests that up to six thousand software vulnerabilities lack a CVE-ID. In a rather long article in CSO, Steve Ragan explains that in 2015 alone there were 6,356 vulnerabilities disclosed to the public that didn’t receive a CVE-ID. Ragan bases his claim on the fact that another vulnerability database, VulnDB, shows 14,914 vulnerabilities […]

Posted in Seeker

Hear What a Former Deputy Assistant AG for National Security Said at CodenomiCON 2016

At CodenomiCON 2016, a former U.S. government official talked about changes in cybersecurity perceptions. In a fireside chat, computer scientist Fred Cohen interviewed Luke Dembosky, Cybersecurity Attorney at Debevoise & Plimpton and former U.S. Deputy Assistant Attorney General for National Security. When asked about some of the biggest differences in cybersecurity today, Dembosky […]

Posted in Government Security

Helping the Automotive Industry Prepare for Regulations

The U.S. Government has proposed new regulation of Highly Automated Vehicles while the industry works toward self-regulation. On Monday, the Detroit News website reported that the U.S. government will attempt to regulate autonomous vehicles. Such regulation will be available in an official document titled “Federal Automated Vehicles Policy”. According to the article, “[r]egulators say they will […]

Posted in Automotive Security

Missed CodenomiCON This Year? We’ve Got You Covered.

Some of the hottest security talks this year were at CodenomiCON 2016. In what’s become an annual tradition, top security researchers gather at CodenomiCON in Las Vegas, NV, the day before the Black Hat USA Briefings. This year’s CodenomiCON was held on August 2, 2016. Since admittance to CodenomiCON is limited, […]

Posted in Seeker