Executive Spotlight Interviews | May 8, 2023

Comprehensive Software Inventory a Critical First Step to Reducing Risk


Darence Tan
Country Manager, ASEAN and Australia/New Zealand

Synopsys

Q1. Synopsys recently launched the Fast Application Security Testing services for customers of its Polaris platform. What business need does the service address? How are your customers benefiting from it?

The pressure for business is always faster, faster, faster. Businesses want to release products, services and apps to their customers on increasingly shorter release cycles. Development teams want to reduce friction in their development processes and workflows so that they can meet the pressure of speedier release cycles. Application security teams need scalability so they can provide support to multiple teams, apps and projects to ensure that they are building in security at the speed of business.

The industry has been moving to cloud-based solutions for development toolchains for several years now because cloud-based options are more affordable, scalable, flexible, and easier to use. Development teams also want these benefits from their AST tools, but until now, most cloud-based AST platforms have forced them to give up one or more of their basic demands. An intuitive platform might not be powerful enough to uncover security problems in complex applications. But a tool that is fast locally may not scale for enterprise. Most cloud-based AST systems perform well for static application security testing (SAST) but poorly for software composition analysis (SCA), or vice versa.

Polaris delivers a SaaS AST solution that doesn’t require teams to make these compromises. Polaris is the only platform on today’s market that provides both best-in-class SAST and SCA in a single solution. Teams no longer have to settle for a platform that is strong in SAST but weaker in SCA or vice versa. With Polaris, you get a solution that gives you fast, accurate, and comprehensive SAST and SCA analysis to identify security risks in both your proprietary code and open source dependencies.

Q2. Synopsys’ 2023 “Open Source Security and Risk Analysis” survey showed 84% of open-source codebases contain at least one vulnerability. What should organizations be doing to mitigate their exposure to the threat? What tools can help in this regard?

The first step toward reducing business risk from open source, proprietary, and commercial code involves a comprehensive inventory of all software a business uses, regardless of where it comes from or how it’s acquired. Only with this complete inventory – a Software Bill of Materials (SBOM) – can organizations establish a strategy to address its risk. Unless an organization keeps an accurate and up-to-date inventory of the open source used in its code, the component can be forgotten until it becomes vulnerable to a high-risk exploit.

This is a foundational strategy towards understanding and reducing business risk. Managing this code entails gaining complete visibility into dependencies — a baseline requirement for any modern DevSecOps program, and a foundational strategy towards understanding and reducing business risk. That means organizations no longer need to trust that they are secure — they can verify it.
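As an added illustration of the inventory-first approach described in this answer (example code written for this page, not Synopsys' or Polaris' code), the Python below loads a small constructed CycloneDX-style SBOM, matches each component's package URL (purl) against a constructed advisory list, and reports components whose version falls inside an affected range, together with inventory entries that carry no purl and therefore cannot be matched automatically. The SBOM contents, the `ADV-EXAMPLE-…` advisory identifiers and the advisory record layout (purl plus inclusive `introduced` / exclusive `fixed` bounds) are assumptions made for the example, not any particular vendor feed.

```python
"""Check a CycloneDX-style SBOM against a list of advisories.

Added example: the SBOM, the advisory entries and the package names are all
constructed for illustration; the advisory layout (purl + introduced/fixed
version bounds) is an assumption, not a specific vendor's feed format.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed minimal CycloneDX-style SBOM (sample data, not a real project's inventory).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-json", "version": "1.2.3",
         "purl": "pkg:maven/org.example/example-json@1.2.3"},
        {"type": "library", "name": "example-http", "version": "4.0.1",
         "purl": "pkg:pypi/example-http@4.0.1"},
        {"type": "library", "name": "example-log", "version": "2.17.1",
         "purl": "pkg:maven/org.example/example-log@2.17.1"},
        # Inventory entry with no purl: it cannot be matched to an advisory automatically.
        {"type": "library", "name": "example-cli", "version": "0.9.0"},
    ],
})

# Constructed advisory feed (hypothetical IDs). Affected range is [introduced, fixed).
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "purl": "pkg:maven/org.example/example-json",
     "introduced": "1.0.0", "fixed": "1.2.4", "severity": "HIGH"},
    {"id": "ADV-EXAMPLE-0002", "purl": "pkg:maven/org.example/example-log",
     "introduced": "2.0.0", "fixed": "2.17.1", "severity": "CRITICAL"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.2.3' into (1, 2, 3); a non-numeric suffix such as '-rc1' is ignored."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def version_in_range(version: str, introduced: str, fixed: str) -> bool:
    """True if introduced <= version < fixed, padding short tuples with zeros."""
    v, lo, hi = (parse_version(x) for x in (version, introduced, fixed))
    width = max(len(v), len(lo), len(hi))
    v, lo, hi = (t + (0,) * (width - len(t)) for t in (v, lo, hi))
    return lo <= v < hi


def split_purl(purl: str) -> Tuple[str, str]:
    """Split 'pkg:type/ns/name@1.2.3?qualifiers' into ('pkg:type/ns/name', '1.2.3')."""
    base, _, rest = purl.partition("@")
    version = rest.split("?", 1)[0].split("#", 1)[0]  # drop qualifiers and subpath
    return base, version


def load_inventory(sbom_json: str) -> Tuple[Dict[str, str], List[str]]:
    """Return {purl_without_version: version} plus names of components lacking a purl."""
    bom = json.loads(sbom_json)
    inventory: Dict[str, str] = {}
    unmatched: List[str] = []
    for comp in bom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            unmatched.append(comp.get("name", "<unnamed>"))
            continue
        base, version = split_purl(purl)
        inventory[base] = version or comp.get("version", "")
    return inventory, unmatched


def find_affected(sbom_json: str, advisories: List[dict]) -> Tuple[List[dict], List[str]]:
    """Cross-reference the inventory with advisories; also surface unmatchable entries."""
    inventory, unmatched = load_inventory(sbom_json)
    affected: List[dict] = []
    for adv in advisories:
        version = inventory.get(adv["purl"])
        if version is None:
            continue  # package not in this SBOM
        if version_in_range(version, adv["introduced"], adv["fixed"]):
            affected.append({"purl": adv["purl"], "version": version,
                             "advisory": adv["id"], "severity": adv["severity"]})
    return affected, unmatched


if __name__ == "__main__":
    hits, missing = find_affected(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for hit in hits:
        print(f"{hit['severity']}: {hit['purl']}@{hit['version']} affected by {hit['advisory']}")
    for name in missing:
        print(f"WARNING: component '{name}' has no purl; it must be matched by hand")
```

With the constructed data, `example-json` 1.2.3 is flagged, `example-log` 2.17.1 is not (the `fixed` bound is exclusive, so a component already at the fixed version is clean), and `example-cli` is reported as unmatchable, which is exactly the "forgotten component" gap the answer warns about: an inventory entry that cannot be tied to an identifier will never be cross-referenced against new advisories.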

Q3. What does Synopsys have planned for customers at Black Hat Asia 2023? What do you want them to learn about the company?

Synopsys is launching the all-new Polaris Software Integrity Platform in Singapore at Black Hat Asia 2023. We provide integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open-source tools, allowing organisations to leverage existing investments to build the security program that's best for them. Only Synopsys offers everything you need to build trust in your software. Learn more at www.synopsys.com/software.
