Unlikely Partnerships

Agile development organizations often see application security considerations as impediments to the rapid release cycles they strive for. But releasing software with vulnerabilities opens the door to hackers and puts the entire business at risk. How do you develop an application security program that protects the business without impacting time to market?

This white paper explores the tension between development and security teams and proposes an approach to building security into the software development lifecycle. Read it to learn:

• The five elements needed to build security into the development process
• How to use automated security scanning to make application security more reliable and efficient
• How HP Fortify can help you get started quickly

Get Whitepaper

Software Supply Chain Management with BOMtotal

BOMtotal is a free service that generates a bill of materials from any executable code.

Anyone who uses software has a right to know what's inside it. Just as you can examine any piece of food in a supermarket to see its ingredients, you should be able to know what's inside software that you use or might use.

Enabling anyone to generate a bill of materials (list of ingredients) for any piece of software results in a better world for all of us. Buyers gain visibility into software during their procurement cycles by requesting bills of materials from builders. Builders examine bills of materials for their own products to make sure they have no surprises. Ordinary people benefit because when builders and buyers effectively manage their software supply chains, the entire ecosystem becomes safer, more reliable, and more secure.

Get Whitepaper

Fuzz Testing Maturity Model

Fuzz testing is an industry-standard technique for locating unknown vulnerabilities in software. Fuzz testing is a mandatory portion of many modern secure software development life cycles (SDLCs), such as those used at Adobe, Cisco Systems and Microsoft. This document provides a framework to assess the maturity of your processes, software, systems and devices. At the heart of this document is a vendor-agnostic maturity model for fuzz testing that maps metrics and procedures of effective fuzz testing to maturity levels. The maturity model is a lingua franca for talking about fuzzing, allowing different organizations to communicate effectively about fuzzing without being tied to specific tools.

The Fuzz Testing Maturity Model (FTMM) gives builders and buyers a set of standard levels for communicating about fuzz testing.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

What is Fuzzing: The Poet, the Courier, and The Oracle

Fuzzing is well established as an excellent technique for locating vulnerabilities in software. The basic premise is to deliver intentionally malformed input to target software and detect failure. A complete fuzzer has three components. A poet creates the malformed inputs or test cases. A courier delivers test cases to the target software. Finally, an oracle detects if a failure has occurred in the target. Fuzzing is a crucial tool in software vulnerability management, both for organizations that build software as well as organizations that use software.

Synopsys solutions help deliver a more comprehensive security offering for the SDLC by adding black box testing capabilities, including the Codenomicon Defensics® tool for file and protocol fuzz testing, and the Codenomicon AppCheck™ tool for software composition analysis and vulnerability assessment.

Get Whitepaper

The Art of Dashboard Design: 7 Fundamentals to Master

Why is designing for dashboards so important? A dashboard serves as a visual display that represents the most important information needed to achieve a specific objective. But how do you start? What if you're not a design expert? This guide will arm you with the top fundamental design concepts that you can apply to the most basic of visuals.
Get Whitepaper

Speed, Scale, Security: Orchestrating a Great Download Experience

Delivering software is becoming harder every day. Not only do you have to compete in a universe of 15 billion connected devices, but also with a growing number of users downloading everything from new applications to virus updates.

The result is a growing congestion that can undermine your ability to get your application, software patch, or device update to your end users as quickly as possible. And every minute that your users spend trying to download your software is a minute they can’t spend using it.

What it ultimately comes down to is latency.

Get Whitepaper

DevOps and the Cost of Downtime

DevOps is hot, and likely top of mind for your executives – bringing many technical and business benefits to LOB leaders, the C-suite and IT delivery organizations. But when you ask stakeholders to change what they’ve done successfully for years, you must monetize the benefits and ROI for them, and make the organizational change real. This IDC Report highlights how communicating DevOps business value is critical to securing additional funding and accelerating the rate and course of change in an enterprise.
Get Whitepaper

Scaled Agile Information Kit

Scaled agile practices deliver on the promise of scaling development methods to the enterprise through a unified approach and addressing the requirements of complex constructs and additional stakeholders of today’s organizations. Just ask Nationwide Insurance, which is leveraging scaled agile practices. Learn more about scaled agile and Nationwide’s success, and you’ll discover how to:

- Utilize a foundational framework and public knowledge base of proven lean and agile practices at enterprise scale
- Reproduce benefits achieved by four real-world companies
- Follow Nationwide’s example in slashing downtime and dramatically improving code quality in just three years

Get Whitepaper

Static Code Analysis in an Agile World

To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers have had to evolve the way they develop code to be both faster and higher quality. As part of this trend, the Waterfall method of software development began to give way in the late 1990s to a more lightweight method of software development: Agile.
Get Whitepaper

TotalView for OpenPOWER, CUDA, and OpenMP

This talk from ScicomP 2015 helps you debug numerical simulations better by reviewing best debugging practices for CUDA and OpenACC-accelerated applications and discussing the development of OpenMP-specific tracing and debugging interfaces (including the OMPD interface for performance analysis).
View Now