9 highlights from the 2018 Software Integrity Blog

From vulnerability detection to API security, these nine topics hit the highlights from our coverage of software security and quality this year.


1. The year 2017 broke records for the number of reported security vulnerabilities in software. We also saw one of the worst data breaches ever in terms of impact. At the end of 2017, we looked back at some of the security news over the year and evaluated how our predictions panned out. We also made some predictions for 2018.

2. Application security gets all the press, but vulnerable APIs can expose your data to anyone who knows how to ask for it. API security starts with the basics. Synopsys senior InfoSec writer Taylor Armerding explores why it’s past time to pay attention to API security.


3. We sat down with Dr. Gary McGraw, Synopsys VP of security technology, to discuss his latest research effort. In addition to publishing the annual Building Security In Maturity Model (BSIMM) report, McGraw has set out to identify the ways in which CISOs approach their job role with the 2018 CISO Report.

4. Synopsys technical evangelist Tim Mackey provides a recap of RSA 2018 and discusses an important security topic—vulnerability detection.

RSA 2018 recap: Detecting vulnerabilities and avoiding snake oil

5. We audited over 1,100 codebases in 2017 for open source components, vulnerabilities, and licenses. Here are some highlights from the 2018 OSSRA report.

6. Consider the 23 versions of Struts discovered by the Synopsys Cybersecurity Research Center to be vulnerable to CVE-2018-11776, and ask yourself: “How am I protecting my code if I don’t have Black Duck Security Advisories?”

CVE-2018-11776 and why you need Black Duck Security Advisories

7. Were you lucky enough to attend this year’s FLIGHT East? If so, you heard about tips, techniques, applications, and solutions to deliver secure, high-quality software at the speed of DevOps. But if you couldn’t attend FLIGHT East 2018, here’s the next best thing: Many of the presentations are now online.

8. Finding the perfect IAST solution for your organization’s needs can be difficult. Here’s a checklist of 8 must-have features for any good IAST tool.

9. And finally, take a look at Dr. Chenxi Wang’s 2019 cyber security predictions about the cloud, GDPR, blockchain, DevSecOps, privacy, and ICS, as well as predictions from our own experts.


*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Fred Bals. Read the original post at: