Synopsys signs Black Duck software supply chain management deal
Synopsys is extending its moves into supply chain management through a deal with ReversingLabs.
The deal will provide ReversingLabs software development and security teams with a comprehensive software supply chain risk management that covers both third party and open source code.
The Software Integrity Group at Synopsys has leading open-source scanning capabilities in a tool called Black Duck. This will be combined with ReversingLabs’ Software Supply Chain Security (SSCS) Platform to address complete software bill of materials (SBOM) requirements and software supply chain threats. This is increasingly important for continuous integration and continuous delivery (CI/CD) processes.
Black Duck software composition analysis manages the security, quality and license compliance risks that come from the use of open-source code in applications and containers.
The ReversingLabs SSCS Platform complements the capabilities of Black Duck by scanning commercial third-party components for vulnerabilities, malware and instances of software tampering.
These capabilities provide additional visibilities of security risks to quickly identify malware, software tampering and anomalies inserted in software to prevent supply chain attacks before release. Synopsys has been increasing its role in the whole lifetime of chips, from the design and synthesis through to management of hardware and software in the field.
Software supply chain risks
The risks in the software supply chain are increasing, as analyst Gartner predicts that 45% of organizations worldwide will experience attacks on their software supply chains by 2025. This puts added pressure on software suppliers and their internal software development efforts to demonstrate security best practices.
Synopsys is now authorized to resell the ReversingLabs SSCS Platform with Black Duck to create comprehensive, actionable SBOMs automatically and throughout the software supply chain.
“Software and security leaders are looking to Synopsys to lead in delivering complete solutions to secure the rapidly evolving software supply chain threat landscape,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group.
“ReversingLabs provides the perfect complement to our expertise in open-source risk and application security by layering in some of the most advanced security technology available for identifying and eliminating security risk from commercial and third-party software components. Together, we can produce accurate and complete SBOMs that include all sources of software in the supply chain.”
“Recent software supply chain attacks on open-source and commercial third-party software require a new approach to software resilience,” said Mario Vuksan , CEO of ReversingLabs, based in Cambridge, Massachusetts. The company also has sites in Zagreb, Croatia, and Zurich, Switzerland.
“This means organizations must strive for a more holistic view of the software supply chain, a deeper understanding of complex software package composition, including open-source and commercial third-party components, and a more comprehensive view of software behavior. With Synopsys, our combined efforts will not only ensure regulatory needs are met but truly enable developers and security managers to avoid software threats and prioritize and action software risks and quality issues.”
www.synopsys.com/software; www.reversinglabs.com
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
