EEJournal

industry news
Subscribe Now
June 13, 2018

Synopsys Enables Secure App Development with Coverity Enhancements and Integrated Security Training Platform

MOUNTAIN VIEW, Calif., June 12, 2018 /PRNewswire/ — Synopsys, Inc. (Nasdaq: SNPS) today announced the availability of several new product features that enable developers to build secure applications faster. The latest Coverity® release, recognized by Gartner and Forrester as a leading static application security testing (SAST) tool, features seamless integration with Synopsys’ completely rebuilt eLearning platform, an on-demand security training solution for developers. The integration provides developers with convenient access—directly from the Coverity interface—to short, context-relevant training modules to help them address security issues Coverity detects in their code. The Coverity release also includes security analysis enhancements for detecting more vulnerabilities across a variety of programming languages and frameworks, including the ability to identify code patterns vulnerable to the highly publicized Spectre attacks.

“As more organizations adopt rapid and iterative development methodologies, it is increasingly important to shift security left in the development process,” said Andreas Kuehlmann, senior vice president and general manager of Synopsys Software Integrity Group. “That means equipping developers with the tools and training they need to take ownership of the security of their code. Finding and fixing vulnerabilities early and teaching developers to avoid security missteps in the first place results in more secure code, and it also prevents costly rework and unnecessary delays.”

Coverity integration with new eLearning platform

Synopsys eLearning is an outcome-driven, learner-centric training solution that makes application security education easy, relevant, and accessible. Users have on-demand access to an immersive, continuous learning ecosystem that unifies security expertise, instructional design, and storytelling into an intuitive platform.

  • Coverity now integrates seamlessly with eLearning to provide developers with context-specific application security lessons based on the CWEs (Common Weakness Enumerations) detected by Coverity.
  • The integration uses a proprietary vulnerability analysis tool to match detected CWEs with relevant eLearning course content based on a highest-confidence-level algorithmic assessment. Unlike other training tools, eLearning links to specific lessons in a course to ensure developers receive the most relevant information.
  • eLearning includes 37 courses covering a wide range of application security topics, including risk analysis, authentication, security standards, defensive programming for web and mobile apps, threat modeling, security testing strategy, and more.

Learn more about Synopsys eLearning.

Coverity 2018.06 enhancements

The latest release of Coverity includes security analysis enhancements for detecting more vulnerabilities across a variety of programming languages and frameworks, as well as continued support for the latest coding standards in security, safety, and reliability.

  • Spectre: Coverity is one of the first SAST solutions to provide specific security checkers that identify source code segments that are potentially susceptible to Spectre attacks.
  • Coding standards: Coverity enables customers to quickly develop apps that comply with the industry standards that matter most to their business. Coverity now supports the OWASP Top 10 2017, CERT C++, MISRA C:2012 Technical Corrigendum 1 (TC1), and DISA STIG.
  • Enhanced security analysis: Coverity can detect additional vulnerabilities in Python, Java, and Swift applications.

Learn more about Coverity static analysis.

About the Synopsys Software Integrity Platform

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software partner for innovative companies developing the electronic products and software applications we rely on every day. As the world’s 15th largest software company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and is also growing its leadership in software security and quality solutions. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing applications that require the highest security and quality, Synopsys has the solutions needed to deliver innovative, high-quality, secure products. Learn more at www.synopsys.com.

Leave a Reply

featured blogs
BoardSurfers: Data Type Conversion in Allegro SKILL Programming
Apr 19, 2024
Data type conversion is a crucial aspect of programming that helps you handle data across different data types seamlessly. The SKILL language supports several data types, including integer and floating-point numbers, character strings, arrays, and a highly flexible linked lis...
More from Cadence...
One Robotic Step Closer to Humanoid Robots in the Home
Apr 18, 2024
Are you ready for a revolution in robotic technology (as opposed to a robotic revolution, of course)?...
More from Max's Cool Beans...
Cisco Accelerates Project Schedule by 66% Using Synopsys Cloud
Apr 18, 2024
See how Cisco accelerates library characterization and chip design with our cloud EDA tools, scaling access to SoC validation solutions and compute services.The post Cisco Accelerates Project Schedule by 66% Using Synopsys Cloud appeared first on Chip Design....
More from Synopsys...

featured video

MaxLinear Integrates Analog & Digital Design in One Chip with Cadence 3D Solvers

Sponsored by Cadence Design Systems

MaxLinear has the unique capability of integrating analog and digital design on the same chip. Because of this, the team developed some interesting technology in the communication space. In the optical infrastructure domain, they created the first fully integrated 5nm CMOS PAM4 DSP. All their products solve critical communication and high-frequency analysis challenges.

Learn more about how MaxLinear is using Cadence’s Clarity 3D Solver and EMX Planar 3D Solver in their design process.

featured chalk talk

Miniaturization Impact on Automotive Products
Sponsored by Mouser Electronics and Molex
In this episode of Chalk Talk, Amelia Dalton and Kirk Ulery from Molex explore the role that miniaturization plays in automotive design innovation. They examine the transformational trends that are leading to smaller and smaller components in automotive designs and how the right connector can make all the difference in your next automotive design.
Click here for more information about Molex Miniaturization Solutions
Sep 25, 2023
25,518 views