Welcome!

News Feed Item

Synopsys Enhances Its Software Integrity Platform to Address Evolving Needs of Organizations Building Security and Quality into their Software

Latest Product Updates Expand Coverage for New Programming Languages and MISRA Compliance, Improve Integration Capabilities and Increase Flexibility

MOUNTAIN VIEW, Calif., July 13, 2017 /PRNewswire/ -- Synopsys, Inc. (Nasdaq: SNPS) today announced key updates to its Software Integrity Platform that are designed to help companies build security and quality into their software while reducing time-to-market. In the era of digital transformation, building secure and reliable software is challenged by the rapid, complex and diverse nature of development cycles. The latest updates to the Synopsys Software Integrity Platform address these challenges with expanded support for new programming languages, full coverage for the Motor Industry Software Reliability Association (MISRA) guidelines, improved automation and integration capabilities, and increased flexibility.

According to a recent Forrester Research report, "Applications are increasingly the face of interaction between companies and their customers; this includes customer-facing applications, differentiating mobile apps, Internet-of-things (IoT) device interfaces, and streamlined back-end processes. Meanwhile, application security technologies continue to evolve based on new developer methodologies, new attack vectors, new application types, and new business needs."1

"The latest enhancements to the Synopsys Software Integrity Platform help organizations address the rapid pace of change when developing and securing their software," said Andreas Kuehlmann, senior vice president and general manager for the Synopsys Software Integrity Group. "By expanding our coverage to include new programming languages and standards compliance, and ensuring our solutions integrate with a diverse ecosystem of development tools, we enable our platform to be adaptable to a wide range of customer needs. Synopsys is positioned to guide organizations along their software integrity journey as the industry landscape evolves."

The new updates to the Synopsys Software Integrity Platform include a wide range of enhancements and features: 

Expanded coverage: Organizations are expanding their software portfolios, resulting in the adoption of new programming languages, frameworks, and open source software components, while they are simultaneously navigating security, quality and compliance requirements. Empowering organizations to improve the security and quality of their broadening software portfolios, Synopsys continues to expand the coverage of its Software Integrity Platform.

  • Programming languages and analysis checkers –  The latest platform updates introduce Coverity® Static Analysis support for the Swift programming language, improved Protecode™ Software Composition Analysis support for open-source components written in Ruby programming language, and new eLearning courses for secure programming techniques in Android, iOS, and JavaScript. Synopsys has also expanded its static analysis offerings to detect a wider range of security and quality defects across all supported programming languages including Java and JavaScript.
  • Industry standards – Synopsys' Static Analysis tool now provides full coverage for MISRA, a series of software development guidelines used by the automotive and other safety-critical industries to promote the safety and security of embedded systems. With this update, the Synopsys' Software Integrity Platform now supports all statically verifiable rules in MISRA C 2004, MISRA C++ 2008, and MISRA C 2012.

Integration and automation: With the emergence of trends such as DevOps and continuous integration/continuous deployment (CI/CD), organizations are shifting toward more rapid and iterative development methodologies. To keep pace, software security testing efforts need to leverage automation and integrate with development tool chains and workflows. Synopsys continues to introduce news ways to automate the security and quality testing process, integrating it seamlessly with other development tools and workflows.

  • Synopsys updated its static analysis integration with CI/CD tools like Jenkins, as well as current versions of popular integrated development environments (IDEs), including Eclipse 4.7, Microsoft Visual Studio 2017, and IntelliJ IDEA. Integrating static analysis into development tools allows organizations to test early and often without disrupting their workflows or leaving their development environments.
  • Synopsys updated its software composition analysis solution to automate the confirmation of identified open-source software components, which accelerates adoption and time-to-value.
  • For its Managed Services for application security testing (AST), Synopsys added additional API enhancements to assist clients with automation of assessments. Organizations can manage their applications via the API, as well as export results and schedule assessments.

Flexibility: When it comes to making software secure, every organization has unique requirements and challenges that go beyond the confines of traditional out-of-the-box security solutions. Synopsys is committed to making its Software Integrity Platform flexible and customizable, giving companies the freedom to tailor the existing solutions to address new or special needs.

  • In this latest update, Synopsys introduced a Defensics® Fuzz Testing Software Development Kit (SDK) for building custom fuzz testing tools that detect critical security vulnerabilities in software applications and embedded devices. The SDK is built on the underlying technology of the industry leading Defensics Fuzz Testing tool, which was used to discover the infamous Heartbleed vulnerability. The Synopsys Fuzz Testing SDK is a powerful framework that provides companies the flexibility to test proprietary, niche or previously unsupported communication protocols and file formats.
  • Synopsys also added more flexibility to its eLearning solution, the self-paced security training component of its Software Integrity Platform. It has modularized the courses into bite-sized, consumable and mobile responsive modules, providing developers with focused training around a wide array of evolving technology stacks.
  • Synopsys added workflow enhancements to its Managed Services for application security testing to increase customer self-service and flexibility. Tests can now be removed from the queue and rescheduled quickly and easily. A new commenting feature was also introduced to the Managed Services workflow, providing a single location for customers and Synopsys consultants to communicate, ask questions, and provide updates. These updates enable Synopsys' Managed Services offering to be more responsive to organizations' changing needs, ultimately improving service utilization and value delivered.

About the Synopsys Software Integrity Platform

Synopsys offers the most comprehensive solution for building integrity —security and quality— into the software development lifecycle and supply chain. The Software Integrity Platform unites leading testing technologies, automated analysis, and experts to create a robust portfolio of products and services. This portfolio enables companies to develop personalized programs for detecting and remediating defects and vulnerabilities early in the development process, minimizing risk and maximizing productivity. Synopsys, a recognized leader in Application Security Testing (AST), is uniquely positioned to adapt and apply best practices to new technologies and trends such as IoT, DevOps, CI/CD, and the Cloud. For more information, go to www.synopsys.com/software.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software partner for innovative companies developing the electronic products and software applications we rely on every day. As the world's 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you're a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.

1. "TechRadar: Application Security, Q3 2017", Forrester Research, Inc., July 6, 2017

Editorial Contacts:
Mark Van Elderen                                                           
Synopsys, Inc.
650-793-7450
[email protected]

Simone Souza
Synopsys, Inc.
650-584-6454
[email protected]

 

View original content:http://www.prnewswire.com/news-releases/synopsys-enhances-its-software-integrity-platform-to-address-evolving-needs-of-organizations-building-security-and-quality-into-their-software-300487552.html

SOURCE Synopsys, Inc.

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
By 2021, 500 million sensors are set to be deployed worldwide, nearly 40x as many as exist today. In order to scale fast and keep pace with industry growth, the team at Unacast turned to the public cloud to build the world's largest location data platform with optimal scalability, minimal DevOps, and maximum flexibility. Drawing from his experience with the Google Cloud Platform, VP of Engineering Andreas Heim will speak to the architecture of Unacast's platform and developer-focused processes.
Wooed by the promise of faster innovation, lower TCO, and greater agility, businesses of every shape and size have embraced the cloud at every layer of the IT stack – from apps to file sharing to infrastructure. The typical organization currently uses more than a dozen sanctioned cloud apps and will shift more than half of all workloads to the cloud by 2018. Such cloud investments have delivered measurable benefits. But they’ve also resulted in some unintended side-effects: complexity and risk. ...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
Serveless Architectures brings the ability to independently scale, deploy and heal based on workloads and move away from monolithic designs. From the front-end, middle-ware and back-end layers, serverless workloads potentially have a larger security risk surface due to the many moving pieces. This talk will focus on key areas to consider for securing end to end, from dev to prod. We will discuss patterns for end to end TLS, session management, scaling to absorb attacks and mitigation techniques.
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
The vast majority of businesses now use cloud services, yet many still struggle with realizing the full potential of their IT investments. In particular, small and medium-sized businesses (SMBs) lack the internal IT staff and expertise to fully move to and manage workloads in public cloud environments. Speaker Todd Schwartz will help session attendees better navigate the complex cloud market and maximize their technical investments. The SkyKick co-founder and co-CEO will share the biggest challe...
Machine learning provides predictive models which a business can apply in countless ways to better understand its customers and operations. Since machine learning was first developed with flat, tabular data in mind, it is still not widely understood: when does it make sense to use graph databases and machine learning in combination? This talk tackles the question from two ends: classifying predictive analytics methods and assessing graph database attributes. It also examines the ongoing lifecycl...
The Founder of NostaLab and a member of the Google Health Advisory Board, John is a unique combination of strategic thinker, marketer and entrepreneur. His career was built on the "science of advertising" combining strategy, creativity and marketing for industry-leading results. Combined with his ability to communicate complicated scientific concepts in a way that consumers and scientists alike can appreciate, John is a sought-after speaker for conferences on the forefront of healthcare science,...
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions need to be truly scalable. Far from it. There are at least six major pain points that companies experience when they try to deploy and run Kubernetes in their complex environments. In this presentation, the speaker will d...
Dhiraj Sehgal works in Delphix's product and solution organization. His focus has been DevOps, DataOps, private cloud and datacenters customers, technologies and products. He has wealth of experience in cloud focused and virtualized technologies ranging from compute, networking to storage. He has spoken at Cloud Expo for last 3 years now in New York and Santa Clara.
Enterprises are striving to become digital businesses for differentiated innovation and customer-centricity. Traditionally, they focused on digitizing processes and paper workflow. To be a disruptor and compete against new players, they need to gain insight into business data and innovate at scale. Cloud and cognitive technologies can help them leverage hidden data in SAP/ERP systems to fuel their businesses to accelerate digital transformation success.
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
When building large, cloud-based applications that operate at a high scale, it's important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. "Fly two mistakes high" is an old adage in the radio control airplane hobby. It means, fly high enough so that if you make a mistake, you can continue flying with room to still make mistakes. In his session at 18th Cloud Expo, Le...