Synopsys Security Event Israel Presentation: Keynote: Securing Your Software, Today and in the Future
1. © 2018 Synopsys, Inc. 1
Build Secure, High-Quality
Software Faster
Girish Janardhanudu, Vice President, Security Consulting,
Software Integrity Group
2. © 2018 Synopsys, Inc. 2
A solid foundation for long term stability and growth
1 Microsoft
2 Oracle
3 SAP
4 Symantec
5 VMware
6 Salesforce
7 Intuit
8 CA Technologies
9 Adobe
10 Teradata
11 Amdocs
12 Cerner
13 Citrix
14 Autodesk
15 Synopsys
16 Sage Group
17 Akamai Technologies
18 Nuance
19 Open Text
20 F5 Networks
Top 20 Global
Software Companies
Engineering Culture
Total Employees: ~12,000
Engineers: 50%
Software Integrity Group: ~1,500
Global Reach
30+ years
Market Cap:
~ $13B
2017 Revenue:
$2.7B
3. © 2018 Synopsys, Inc. 3
Application security
is in our DNA
The authority on open source
security & risk management
Published Thought Leadership
in software security
The team and technology that
found Heartbleed
Pioneer in Software Quality and
Software Security Static Analysis
Pioneer of IAST -
Interactive Application
Security Testing
4. © 2018 Synopsys, Inc. 4
Mobile / Consumer Devices
Enterprise Networking and Software
High Reliability Systems
Financial Services
Deep experience in software security and quality testing for many industries
5. © 2018 Synopsys, Inc. 5
A trusted partner to over 4,000 companies
16 of the top 20
commercial banks
9 of the top 10
ISVs
7 of the top 10
aerospace and defense firms
8 of the top 10
global brands
6 of the top 10
semiconductor companies
6. © 2018 Synopsys, Inc. 6
The recognized leader in end-to-end application security
Forrester Wave
Static Application Security Testing
Forrester Wave
Software Composition Analysis
Gartner Magic Quadrant
Application Security Testing
Synopsys is the only vendor recognized as the leader in both SAST and SCA
7. © 2018 Synopsys, Inc. 7
Major security trends
• Increased regulations
• Data manipulation vs data access
• Shortage of security resources
• Pace of attacks
• IoT (edge of the network)
• DevSecOps, Cloud & CI/CD
• Secure by design or “shift left”
9. © 2018 Synopsys, Inc. 10
The Evolving Landscape of Software Development Impacts Software
Integrity
Embedded devices
Cloud (private,
hybrid, public)
Languages, open source
and frameworks
New tech stacks
and attack surfaces
Agile, DevOpsSec, CI/CD
Fit into toolchain eco-systems
Automation through toolchain
integration
New development
philosophies
and approaches
Comprehensive view into risk
Accuracy and speed of quality
defects and security
vulnerability feedback
Focus
Lack visibility into
evolving application
portfolio
Align with workflow timeframes
Security as a core component
of quality
Testing coverage and depth
Changing
testing
demands
10. © 2018 Synopsys, Inc. 11
To succeed, you need to take a multi-layer approach
Strategy
Programs
Services
Tools
11. © 2018 Synopsys, Inc. 12
We help teams build secure, high quality software faster
DevSecOps
Tools
Managed
Services
Strategy &
Planning
Professional
Services
Build Security In Maturity Model (BSIMM)
Coverity
Static Analysis
Black Duck
Software Composition Analysis
Seeker / Defensics
Dynamic Analysis
DevSecOps
Integration
Architecture
and Design
Security
Training
Cloud
Security
Industry
Solutions
Maturity Action Plan (MAP)
Mobile
Security Testing
SAST
Penetration
Testing
DAST
13. © 2018 Synopsys, Inc. 14
Software Security Initiatives are a Journey
Launch
• Pen testing to find vulnerabilities
• Compliance driven
• Low level testing
Scale
• Augmenting internal teams with external resources for scalability
• Identify and prioritize vulnerabilities for remediation
• Integrating with DevOps
Optimize
• Programmatically managing risk across your software release cycles
• Driving efficiencies through SDLC integration
• Purposeful blend of automated and manual testing processes
OVERLAY INTEGRATE
REACT PREVENT
14. © 2018 Synopsys, Inc. 15
Know where your software security initiatives stand compared to your peers
BSIMM - Build Security In Maturity Model
• Base your SSI on industry best practices
• Compare your SSI against others using 200+ metrics
• Benchmark and track SSI growth
• Interact and learn from BSIMM community peers
Strategy & Planning
15. © 2018 Synopsys, Inc. 16
• Set objectives, outline a strategy, identify resources
• Equip staff to build and operate secure software
• Define how and when to address each software asset
• Plan activities to verify your software security program
Build, evolve, and maintain your software security initiatives
MAP – Maturity Action Plan
Strategy & Planning
16. © 2018 Synopsys, Inc. 17
What this means to our customers
Any test
Static, software composition,
or dynamic analysis
On any software
From legacy to mobile to cloud
to IoT and beyond
At any depth
From rapid automated scanning
to comprehensive analysis
With complete flexibility
From DevSecOps tools
to on-demand services
At any SDLC stage
From design & build
to integrate & deploy
With tools and services
From strategy & planning
to acceleration & integration