Was there ever any doubt that defective software could kill people — lots of people? If there was, two catastrophic Boeing 737 MAX 8 jetliner crashes erased it. But so far, there is scant evidence that these tragedies have revolutionized software development. …

Synopsys wants you to join our Software Integrity team! Join us on Tuesday, January 28, 2020 for an evening of guest speakers, prizes, networking, and food drink! RSVP! Visit our careers page to learn more about the open positions within our Software Integrity Group: https://www.synopsys.com/company/synopsys-careers.html Learn more about Synopsys Software Integrity:https://www.synopsys.com/software-integrity.html

With so many web frameworks available, it’s no surprise that framework code often makes up most of the code in an application. But this also means framework code comes from a range of sources. How can you ensure that web framework code doesn’t introduce security vulnerabilities into your application? Security…

A cyber security acquisition can be a great deal for investors, but what about users? Here’s what to do if your application security tool has been acquired. Review your contract. …

This year DEF CON introduced a variety of “villages,” which function as mini-conferences, focusing on areas like blockchain, cryptography, and digital currencies. A central component of these villages was hands-on learning experience in the form of workshops and competitions. …

What is an application security vulnerability? An application security vulnerability is a security bug, flaw, error, fault, hole, or weakness in software architecture, design, code, or implementation that can be exploited by attackers. Security vulnerability lists like OWASP Top 10 Most Critical Web Application Security Risks and the similar CWE/SANS Top 25 Most Dangerous Software Errors…

Organizations moving to the cloud are mindful of the security risks inherent in both cloud computing and the migration process. But there’s a lot of contradicting information about the top security risks of moving to the cloud. If you’re planning to migrate business operations to the cloud, what should you…

If you’ve heard of the BSIMM, you know it’s the best way to measure your software security initiative (SSI) year after year to see how it’s evolving and how your SSI compares to that of other firms in your industry. The latest version, BSIMM10, compiles a decade of research on…

Do you have questions about fuzz testing? We’ve got answers, explanations, and recommendations from our last webinar on fuzzing using agent instrumentation. How do you know when to stop fuzzing? It comes down to metrics. Fuzzing has an infinite space issue in the sense that it’s negative testing. That means you can have an arbitrary number of test…