The services they offered included application security testing, penetration testing. Software firm Synopsys has signed a deal to acquire software security services Cigital and security tool provider Codiscope, says an. Software security has come a long way, but we've really only just begun. October 2009 Building Security In Maturity Model Gary McGraw, Ph. Synopsys completes acquisitions of Cigital and Codiscope. Thanks to John Steven for building the first software security framework described in chapter 10 of Software Security. Thanks to Sammy Migues, Roger Thornton and Cigital's SSG for helping us. The cyber security landscape is becoming increasingly complex, and many organizations are struggling to determine the right software solution in.
You can't spray paint security features onto a design and expect it to become secure. Synopsys announces double acquisition of Cigital and Codiscope. However, getting started with an undertaking like a software security initiative can sometimes present a challenge. The Building Security In Maturity Model (BSIMM) is a data-driven model developed through the analysis of software security initiatives (SSIs), also known as application/product security programs. The 7 Myths of Software Security Best Practices, Cigital, SlideShare. Software security continues to make headway as a business necessity. Department of Homeland Security (DHS), National Cyber Security.
By describing a manageably small set of touchpoints based around the software. We're a recognized leader in software security and quality. Synopsys to expand software security portfolio with buyout of Cigital. It reduces risk by delivering actionable guidance in context based on Cigital's industry-leading experience and the developer's organization's own security. Cigital SecureAssist is a plugin for Eclipse which points out common security vulnerabilities as the developer is coding. In 2006, it was clear that organizations were taking many different paths to the destination of software security. Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and. Cigital provides network security, managed services and vendor analysis solutions for retail, energy, financial services and healthcare industries. Synopsys announces double acquisition of Cigital and. Software firm Synopsys has signed a deal to acquire software security services Cigital and security tool provider Codiscope, says an announcement on Cigital website.
Ready to build secure, high-quality software faster. Exploiting Software (Addison-Wesley, 2004), Building Secure Software (Addison-Wesley, 2001), Software Fault Injection (Wiley, 1998), Securing Java (Wiley, 1999), and Java Security. In 1999, Cigital turned its attention from early work in Java security, fault injection, and software testing to software security. During the decade that we've been providing software security services at Cigital.
Fortify, Cigital release software security program. Synopsys expands security signoff solution with Cigital and. Synopsys named a Leader in Gartner's 2019 Magic Quadrant for AppSec Testing. Why software security. Gary McGraw is the chief technology officer of Cigital, Inc. The security of software code throughout the software supply chain is a critical concern for companies across a broad range of industries, from. Our tools and services integrate seamlessly into DevSecOps and your SDLC. Security and risk management leaders must meet tight deadlines and test complex applications but may not have the resources to do it on their own. Cigital is an application security firm specializing in professional and managed services for identifying, remediating and preventing vulnerabilities in software applications, which spun off Codiscope in 2015 which turned the Cigital.
Gary McGraw is a software security practitioner, speaker, and author of 12 books. Their unique expertise, technologies, and training services are a culmination of over twenty years of research and thousands of successful software security. Seven Touchpoints for Software Security, Building Security In. Cigital, Security Innovation partner on security software. A brief history of software, security, and software security. His real-world experience is grounded in years of consulting with major software producers. Build high-quality, secure software faster with our application security testing tools and services.
Cigital competitors, revenue and employees, Owler company. Build Security In Maturity Model (BSIMM) practices from. Cloud adoption, compliance, modern web application design, DevSecOps, and high-profile breaches affect how organizations approach software security. I will present a coherent and detailed approach to getting past theory and putting software security into practice. We offer a variety of training options, from instructor-led private classes to self-paced eLearning courses, so you can select the approach that fits your learning goals and schedule. We help you find and fix defects in proprietary code, open source components, and application behavior. Gary McGraw is CTO of Cigital and a world authority on software security. Cigital was a software security managed services firm based in Dulles, VA.
Cigital: Software Security. Software security is the idea of engineering software so that it continues to function correctly under malicious attack. Like the yin and the yang, software security requires a careful balance. Cigital is a large, global application security firm specializing in professional and managed services for identifying, remediating and preventing vulnerabilities in software applications. See the paper Software Assurance for Security for one of the earliest representative publications.
Most approaches in practice today involve securing the software. Provides software security services throughout the application lifecycle, from design to deployment. Synopsys to expand software security signoff solution with. Software security, Khoury College of Computer Sciences. Company has signed definitive pacts to acquire Cigital and Codiscope that would enable. The services they offered included application security testing, penetration testing, and architecture analysis. The addition of software security services provider Cigital and the provider of complementary security tools Codiscope will boost its software. Cigital is a consulting firm specialized in developing software that helps organizations design, build, and maintain secure software. About the Building Security In Maturity Model (BSIMM).
Gary McGraw is the chief technology officer of Cigital, Inc. He serves on the technical advisory boards of Authentica, Counterpane and Fortify Software. Industries with lower representation in the BSIMM data pool include telecommunications, security, retail, and energy. Our unique expertise, technologies, and training services are a culmination of over twenty years of research and thousands of successful software security. How to navigate the intersection of DevOps and security. Software security is a system-wide issue that involves both building in security mechanisms and designing the system to be robust. Our mission is to help you build secure, high-quality software. He is a globally recognized authority on software security and the author. The figure above specifies the software security touchpoints, a set of best practices that I cover in this book, and shows how software practitioners can apply the touchpoints to the various software artifacts produced during software. It also provides cloud deployment, staff training and consulting on policies and. Synopsys, Cigital and Codiscope have a shared vision of building security into the software. Through its Software Security Group, Cigital has extensive experience in analyzing commercial software products for both low-level and design-level security vulnerabilities with an emphasis on architectural.
The experts at the Synopsys Software Integrity Group (then Cigital) set out to gather data on this phenomenon to analyze how firms with advanced software security initiatives (SSIs) were addressing the challenge of securing their software. Our training programs enable you and your team to make the most of your investment in software security and quality. Software Security unifies the two sides of software security (attack and defense, exploiting and designing, breaking and building) into a coherent whole. Given Cigital's software-centric research focus, it was only natural for Cigital. Synopsys completes acquisitions of Cigital and Codiscope, Nov 30. Software Security is a how-to book for software security. The acquisition of Cigital and Codiscope will add complementary products, services, and a highly skilled workforce to the Synopsys portfolio, enabling Synopsys to offer a comprehensive software security signoff solution. Codiscope has transformed the tools and intellectual property created by Cigital into a suite of accessible and streamlined products for a broad population. Synopsys is the only application security vendor to be recognized by both Gartner and Forrester as a leader in application security testing, static analysis, and software composition analysis.