Security News and Research
Building Security In Podcast: Machine Learning + AI
In episode 2 of the ‘Building Security In – The Next Decade’ podcast, we discuss the impact and future of AI, machine learning and software security ...
Podcast: The current state of DevOps
In this first episode of Synopsys’ new podcast series, ‘Building Security In – The Next Generation’, we cover the current state of DevOps. ...
CyRC Vulnerability Advisory: CVE-2023-32353, Apple iTunes local privilege escalation on Windows
Synopsys Cybersecurity Research Center has discovered a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. Overview The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-32353, a local privilege escalation vulnerability ...
Synopsys named in 2023 Fortress Cyber Security Awards
Synopsys named a winner in the Application Security Organization category for a 2023 Fortress Cyber Security Award ...
Synopsys and ReversingLabs sign agreement to enhance software supply chain risk management
Agreement between Synopsys and ReversingLabs delivers comprehensive software supply chain risk management solution. Addressing the supply chain challenge In recent years, DevOps has changed the way software is released into production. This ...
A deep-dive on Pluck CMS vulnerability CVE-2023-25828
CVE-2023-25828 vulnerability; history, mitigation analysis, and everything you need to know about the remote code execution (RCE) vulnerability in Pluck CMS. Summary CVE-2023-25828, tracked in the Black Duck KnowledgeBase™ as BDSA-2023-0370, is an ...
CRN’s 2023 Women of the Channel Awards list
Denise Ahrens, Andrea Jaime, Annia Rodriguez of Synopsys Software Integrity Group named to CRN’s 2023 Women of the Channel Awards list ...
CyRC Vulnerability Advisory: CVE-2023-25826 and CVE-2023-25827 in OpenTSDB
Synopsys Cybersecurity Research Center discovers new RCE vulnerability and cross-site scripting vulnerability in OpenTSDB. Overview The Synopsys Cybersecurity Research Center (CyRC) has discovered a remote command execution vulnerability (CVE-2023-25826), and a reflected ...
We’re one step closer to knowing how to comply with EO 14028
CISA’s draft self-attestation form, published today, is a step in the right direction in demystifying EO 14028 compliance ...
Friend or foe: AI chatbots in software development
Yes, AI chatbots can write code very fast, but you still need human oversight and security testing in your AppSec program ...