Synopsys Authorized as a CVE Numbering Authority (CNA)

CNA designation issued by the CVE Program streamlines Synopsys' ability to publish open source software vulnerabilities, underscoring its commitment to bolstering the security of the software ecosystem.

MOUNTAIN VIEW, Calif., March 30, 2021 /PRNewswire/ — Synopsys, Inc. (Nasdaq: SNPS) today announced the company’s designation as a CVE Numbering Authority (CNA) by the CVE Program. As a CNA, the Synopsys Software Integrity Group is now authorized to assign CVE identification numbers to newly discovered vulnerabilities and publish information about the vulnerabilities in the associated CVE records.

Since the inception of its Cybersecurity Research Center (CyRC), Synopsys has strived to improve the security posture of the open source community through testing tools like Coverity Scan, by providing enriched CVE data to customers through Black Duck Security Advisories, and by responsibly disclosing vulnerabilities it discovers through the CVE Program and other CNAs. As a newly designated CNA, Synopsys can streamline the process of publishing accurate and timely vulnerability information it uncovers to the public.

“We’re excited to take this next step in our progression as a good steward of the broader software ecosystem,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “As a leader in application security, vulnerability research is part of our DNA. As a CNA, we can more effectively and efficiently disseminate the results of our research to our customers and the software community in general—for both newly discovered vulnerabilities and existing CVE records that may be inaccurate or incomplete.”

The CVE® Program is an international, community-based program whose mission is to identify, define, and catalogue publicly disclosed cybersecurity vulnerabilities. CVE IDs are assigned by CNAs, which are operated on a voluntary basis by participating organizations. Synopsys joins authorized commercial entities such as Linux, Red Hat, Google, and Microsoft as a CNA.

“The identification and availability of accurate and timely vulnerability information is essential when protecting the software supply chain,” said Christopher Fearon, Director of Research Engineering for the Synopsys Software Integrity Group. “As we expand our vulnerability research and development efforts within Synopsys CyRC, the direct nature of disclosing vulnerabilities as a CNA adds an increased level of transparency and speed to our research capabilities.”

To disclose a vulnerability through Synopsys or to learn about our responsible disclosure process, visit our Responsible Disclosure Policy.

About the Synopsys Software Integrity Group

Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As an S&P 500 company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and offers the industry’s broadest portfolio of application security testing tools and services. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing more secure, high-quality code, Synopsys has the solutions needed to deliver innovative products. Learn more at www.synopsys.com.
